Bob Tanner wrote:
> 
> Anyone know of any well known service that runs on port 1999?
> 
> Our border router is getting pounded by requests from the 'net to port 1999 on
> our network and several client's networks.
> 
> The "attack"/probe is specific they are targeting linux boxes.
> 

Bob, 

I've got two separate sources that both say the same thing:  Port 1999 is
used as the "tcp-id-port" for Cisco routers.  Some sort of exploit is no
doubt making the script-kiddie rounds.

RFCs that list this stuff are RFC793 (TCP) and RFC768 (UDP).

Hope this helps'idly,

-S

---------------------------------------------------------------------
To unsubscribe, e-mail: tclug-list-unsubscribe at mn-linux.org
For additional commands, e-mail: tclug-list-help at mn-linux.org