What's this? LBC-Watchdog cesdcdtrn Service: 33995

DrNeil · 09-04-2004, 04:14 AM

Hi I noticed this in my Firewall logs:

Google doesnt tell me much:

It's listed as

http://www.google.com/search?q=%22lb...&start=10&sa=N
LBC Watchdog
google -> define:LBC nothing really either
locate lbc on my server nothing either

The same Question marks for cesdcdtrn
Contents Delivery Management ??? Listed as port but WTF is it.

From us - 19 packets
To 61.173.0.251 - 1 packet
Service: lbc-watchdog (tcp/2816) (fp=TCP:1 a=DROP,none,eth0) - 1 packet
To 147.31.184.207 - 10 packets
Service: cesdcdtrn (tcp/2922) (fp=TCP:1 a=DROP,none,eth0) - 10 packets

Can anyone shed more light on this? Thanks

Opps forgot Suse 8.2, Kernel 2.4.x standalone no X, attched to a Serverbank with remote controls and ttyS0 console logins case your server goes awol.

unSpawn · 09-25-2004, 07:28 AM

Quite possibly the portnames where resolved using the /etc/services database (try "getent services <portname>" to see how).
This common way of resolving ports is worthless in these cases. When a process is running, try "lsof -lMnP -i tcp:<portnumber>" or "fuser -n tcp <portnumber>". If the process is not running, and no processname/PID/portnumber data is recorded you're out of luck AFAIK.

DrNeil · 09-25-2004, 08:58 AM

yeah, that's mostly the problem that /etc/services is used. Not much use on the more esoteric ports.

unSpawn · 09-25-2004, 12:53 PM

yeah, that's mostly the problem that /etc/services is used. Not much use on the more esoteric ports.
No, it's no use in general for this type of thing because it's a static mapping.

DrNeil · 09-25-2004, 07:44 PM

http://www.mynetwatchman.com/LID.asp?IID=120114642

This list was partly useful for the Sasser and Dabber Backdoor scans listed as monkeycom and sgi.* .