GroupStudy.com - A virtual community of network engineers
RE: help with log analysis [7:67581] posted 04/22/2003


Hi Karyn,

as far as I can see the following is happening:

(1) source host 170.208.15.82 is talking from source port 477 to port 6588
on your machine. See  for details on who owns the source IP address space.

Port 477 is the ss7ns port. I suspect that this could be something to do
with the telco standard SS7 (for signalling networks), but you can check
with Jean-Michel URSCH (ursch@xxxxxxxxxxxxxxxxx) for more details. Generally
these ports are viewed as well known and hopefully there will be a standard
available to tell you how it works - but no guarantees.

(2) source host 68.120.225.33 is talking from source port 49152 to port 22
on your machine. This one is a little more interesting, as it means that
host 68.130.225.33 is trying to attempt a secure shell login (ssh) to your
machine.

(3) source host 66.59.145.10 (port 34353) is talking to your machine on
destination port 49152, which is the same port as the source machine in (2).
66.59.145.10 belongs to a Canadian ISP - backland.net.

(4) host 216.79.10.135 belongs to Bellsouth and while I'm trying to find out
what (8/0) means, this is an ICMP packet telling your machine of some traffic
problems/processes at a network layer (e.g. ping, traceroute, destination
unreachable). A similar thing is happening with source host 217.234.234.246
(a customer of Deutsche Telecom).

(5) Lastly, source host 212.226.149.91 (source port 4031) is talking to your
machine (destination port 46170). This is also interesting as 4031 is a
registered port for UUCP-SSL. SSL is the secure shell login that transmits
all information over an encrypted link after the link is set up. UUCP is a
UNIX utility that copies files from one system (or machine) to another
system (or machine). Find out more from Harald Welte . Host 212.226.149.91
belongs to a customer of EUNET in Finland.

Sorry if you knew this stuff already. HTH.

Matthew.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=67831&t=67581