network packets to port 40118

Hudson Delbert J Contr 61 CS/SCBN Delbert.Hudson at LOSANGELES.AF.MIL
Mon Nov 15 18:31:35 UTC 2004


Shango,

hmmmmm,,,

soundz like somebody has a worm or maybe DoS trying 
to contact someone over an unregistered port to 
communicate with host[s] outside.

every 17 seconds. hmmmm....programmed pattern from
same host.....i would do a hand-on eyeball of the host[s]

v/r,
~piranha

-----Original Message-----
From: ubuntu-users-bounces at lists.ubuntu.com
[mailto:ubuntu-users-bounces at lists.ubuntu.com]On Behalf Of Shango Oluwa
Sent: Saturday, November 13, 2004 8:40 AM
To: ubuntu list
Subject: network packets to port 40118


Greetings the List,

UbuntuLinux is a great advance in the OS sector and our organisation,
MeWe is supporting this project's development.

Installing across several laptops & workstations (some of them PII 266)
was a relaxed process with a few minor obstacles that my team & I 
solved easily. However, an internal router is showing intermittent
packets (approx. every 17 mins.) coming from UbuntuLinux machines 
and destined for an upstream server's port 40118.

Examples:

Nov 13 11:11:00 malcolmx Shorewall:all2all:REJECT: IN=eth1 OUT=eth0
MAC=aa.bb.cc.dd.ee SRC=192.x.y.z DST=192.p.q.r LEN=60 TOS=00 PREC=0x00
TTL=63 ID=54420 DF PROTO=TCP SPT=1022 DPT=40118 SEQ=3719141646 ACK=0
WINDOW=5840 SYN URGP=0

Nov 13 11:28:12 malcolmx Shorewall:all2all:REJECT: IN=eth1 OUT=eth0
MAC=aa.bb.cc.dd.ee SRC=192.x.y.z DST=192.p.q.r LEN=60 TOS=00 PREC=0x00
TTL=63 ID=22359 DF PROTO=TCP SPT=1022 DPT=40118 SEQ=492158226 ACK=0
WINDOW=5840 SYN URGP=0

This happens regardless of whether applications have been started 
(e.g. browser, email, etc) or not.

Can any user on this list suggest a means of discovering which process
is responsible for these SYN packets? This is an area with which
I am unfamiliar and any help would be appreciated.

Respect to the UbuntuLinux team for good work.

Regards,
Shango Oluwa.


-- 
ubuntu-users mailing list
ubuntu-users at lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-users




More information about the ubuntu-users mailing list