RE: help with log analysis [7:67581] posted 04/22/2003
Hi Karyn,

as far as I can see the following is happening:

(1) source host is talking from source port 477 to port 6588
on your machine. See  for details on who owns the source IP address space.

Port 477 is the ss7ns port. I suspect that this could be something to do
with the telco standard SS7 (for signalling networks), but you can check
with Jean-Michel URSCH (ursch@xxxxxxxxxxxxxxxxx) for more details. Generally
these ports are viewed as well known and hopefully there will be a standard
available to tell you how it works - but no guarantees.

(2) source host is talking from source port 49152 to port 22
on your machine. This one is a little more interesting, as it means that
host is trying to attempt a secure shell login (ssh) to your

(3) source host (port 34353) is talking to your machine on
destination port 49152, which is the same port as the source machine in (2). belongs to a Canadian ISP -

(4) host belongs to Bellsouth and while I'm trying to find out
what (8/0) means this is an ICMP packet telling your machine of some traffic
problems/processes at a network layer (e.g. ping, traceroute, destination
unreachable). A similar thing is happening with source host
(a customer of Deutsche Telecom).

(5) Lastly source host (source port 4031) is talking to your
machine (destination port 46170). This is also interesting as 4031 is a
registered port for UUCP-SSL. SSL is the secure shell login that transmits
all information over an encrypted link after the link is set up. UUCP is a
UNIX utility that copies files from one system (or machine) to another
system (or machine). Find out more from Harald Welte . Host
belongs to a customer of EUNET in Finland.

Sorry if you knew this stuff already. HTH.
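
An added example, not part of the original post: a small Python triage pass over log entries like the five discussed above, classifying ports by IANA range and flagging a destination port that another host used as its source port. The log format, the addresses (documentation ranges) and the function names are assumptions; ICMP type names are from RFC 792, with (8/0) read as type/code.

```python
import re

# Constructed sample entries in a hypothetical log format. Addresses are
# documentation ranges; ports and the ICMP type/code are those in the post.
SAMPLE_LOG = """\
TCP 198.51.100.10:477 -> 192.0.2.5:6588
TCP 198.51.100.20:49152 -> 192.0.2.5:22
TCP 203.0.113.30:34353 -> 192.0.2.5:49152
ICMP 203.0.113.40 -> 192.0.2.5 (8/0)
TCP 203.0.113.50:4031 -> 192.0.2.5:46170
"""

LINE = re.compile(r"(TCP|UDP) (\S+):(\d+) -> (\S+):(\d+)$"
                  r"|ICMP (\S+) -> (\S+) \((\d+)/(\d+)\)$")
NAMED = {22: "ssh", 477: "ss7ns", 4031: "UUCP-SSL"}  # names as given in the post
ICMP_TYPES = {0: "echo reply", 3: "destination unreachable", 8: "echo request"}

def port_class(port):  # IANA ranges: 0-1023, 1024-49151, 49152-65535
    return "well-known" if port < 1024 else "registered" if port < 49152 else "dynamic"

def parse(line):
    m = LINE.match(line.strip())
    if not m:
        return None
    if m.group(1):  # TCP/UDP entry
        return {"proto": m.group(1), "src": m.group(2), "sport": int(m.group(3)),
                "dst": m.group(4), "dport": int(m.group(5))}
    return {"proto": "ICMP", "src": m.group(6), "dst": m.group(7),
            "type": int(m.group(8)), "code": int(m.group(9))}

def triage(log_text):
    entries = [e for e in map(parse, log_text.splitlines()) if e]
    sports = {e["sport"]: e["src"] for e in entries if "sport" in e}
    notes = []
    for e in entries:
        if e["proto"] == "ICMP":
            name = ICMP_TYPES.get(e["type"], "unlisted type")
            notes.append(f"{e['src']}: ICMP {e['type']}/{e['code']} ({name})")
            continue
        tags = [f"sport {e['sport']} {port_class(e['sport'])}",
                f"dport {e['dport']} {port_class(e['dport'])}"]
        tags += [f"{p} = {NAMED[p]}" for p in (e["sport"], e["dport"]) if p in NAMED]
        # A destination port that another host used as its source port, as in (3).
        if e["dport"] in sports and sports[e["dport"]] != e["src"]:
            tags.append(f"dport also seen as sport from {sports[e['dport']]}")
        notes.append(f"{e['src']}: " + "; ".join(tags))
    return notes

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG)))
```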


