Bob Tanner wrote: > > Anyone know of any well known service that runs on port 1999? > > Our border router is getting pounded by requests from the 'net to port 1999 on > our network and several client's networks. > > The "attack"/probe is specific they are targeting linux boxes. > Bob, I've got two separate sources that both say the same thing: Port 1999 is used as the "tcp-id-port" for Cisco routers. Some sort of exploit is no doubt making the script-kiddie rounds. RFCs that list this stuff are RFC793 (TCP) and RFC768 (UDP). Hope this helps'idly, -S --------------------------------------------------------------------- To unsubscribe, e-mail: tclug-list-unsubscribe at mn-linux.org For additional commands, e-mail: tclug-list-help at mn-linux.org