[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] RE: Si Becker <71362.22@xxxxxxxxxxxxxx>

Subject: RE: [cobalt-security] RE: Si Becker <71362.22@xxxxxxxxxxxxxx>
From: Graeme Fowler <graeme.fowler@xxxxxxxxxxxxxx>
Date: Thu, 27 Dec 2001 11:56:55 -0000
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Chae wrote:

> Did some more searching and the name/ID shown from 
> CompuServe...Si Becker <71362.22@xxxxxxxxxxxxxx>
> it actually shows up here http://www.sockets.com/services.htm 
> which lists all standard ports used :-
> 
> smpte           420/tcp    SMPTE
> smpte           420/udp    SMPTE
> #                  Si Becker <71362.22@xxxxxxxxxxxxxx>

...the comments in any services file are just that, comments. If you look
further up/down the list you mentioned (above) you'll see the name of Jon
Postel <postel@xxxxxxx> - he died last year (go to www.iana.net to see more
about him if you don't know).

Those comments are put in the files to annotate who actually assigned that
port to that service; NOT to say who's responsible for something this far
down the line!

Unless you're actually being scanned by CompuServe addresses, I betcha that
box just drops all mail in the bitbucket these days.

What you're seeing is logcheck pulling out the lines either side of a match
from your services file (/etc/services or a custom one carried by
portsentry/logcheck). Ignore them.

You need to use WHOIS (servers whois.arin.net, whois.apnic.net or
whois.ripe.net) to find out who's responsible for the scans.

Graeme
-- 
Graeme Fowler
System Administrator
Host Europe Group PLC

Prev by Date: Re: [cobalt-security] Securing RAQ3
Next by Date: [cobalt-security] Perhaps old news? IMAP - University of WA 12.264 overflow
Previous by thread: [cobalt-security] RE: Si Becker <71362.22@xxxxxxxxxxxxxx>
Next by thread: [cobalt-security] Securing RAQ3

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index