Re: Request for information
Brad Powell (Brad.Powell@Eng.Sun.COM)
Thu, 23 Mar 95 16:27:48 PST
>From owner-ids@uow.edu.au Thu Mar 23 14:07:21 1995
>
>A review of the logs of my own intrusion detection system shows that
>DOCKMASTER.NCSC.MIL attempted to connect to port 2939 on my home system
>(which obviously isn't maestro.com) ten times in a two minute period at
>3.54 p.m. on March 20th. Don't know how I missed that on Monday.
>
>Question 1. What is port 2939 for? It isn't mentioned in any FAQ.
its down in user land. no real significance in itself.
to venture a guess I'd expect either an encrypted telnet (assuming a
good guy trying to connect to your host after being invited; or someone
publishing the fact that you had some service running there)
or a telnet bouncer/telnet backdoor (assuming you were broken into in
the past and bad-guy left one running).
>
>
>Question 2. Who do I report this to? This isn't a joke. I deeply
>resent this governmental attempt to invade my privacy.
What country are you in?
CERT, FBI, or root@DOCKMASTER.NCSC.MIL would be good places to start.
=======================================================================
Brad Powell : brad.powell@Sun.COM |
|
Full Time: Sr. Network Security Analyst |Part time: Cyberspace PI
ENS Network Security Group | and Consultant
Sun Microsystems Inc. |
=======================================================================
The views expressed are those of the author and may
not reflect the views of Sun Microsystems Inc.
=======================================================================