nothing to worry about.  It is trying to resolve port numbers using 
/etc/services.  Any port above 1023 is fair game to send requests from. 
  Your machine will respond to that port number.

In this case, blackjack is port 1025:
# grep -i blackjack ports.txt
blackjack         1025/udp   # network blackjack

George Toft, CISSP, MSIS
AGD,LLC
www.agdllc.com
623-203-1760


Jim wrote:
> I noticed my linux box seemed a bit slow today so I looked around and
> found the following when I ran ps-fu root.
> 
> UID        PID  PPID  C STIME TTY          TIME CMD
> root         1     0  2 02:51 ?        00:00:04 init
> root         2     1  0 02:51 ?        00:00:00 [keventd]
> root         3     1  0 02:51 ?        00:00:00 [ksoftirqd_CPU0]
> root         4     1  0 02:51 ?        00:00:00 [kswapd]
> root         5     1  0 02:51 ?        00:00:00 [bdflush]
> root         6     1  0 02:51 ?        00:00:00 [kupdated]
> root        10     1  0 02:52 ?        00:00:00 [mdrecoveryd]
> root        11     1  0 02:52 ?        00:00:00 [kjournald]
> root        26     1  0 02:52 ?        00:00:00 [loop0]
> root       161     1  0 02:52 ?        00:00:00 [eth0]
> root       214     1  0 02:52 ?        00:00:00 [khubd]
> root       741     1  0 02:52 ?        00:00:00 /usr/sbin/syslogd
> root       744     1  0 02:52 ?        00:00:00 /usr/sbin/klogd -c 3 -x
> root       747     1  0 02:52 ?        00:00:00 /usr/sbin/inetd
> root       750     1  1 02:52 ?        00:00:01 /usr/sbin/sshd
> root       760     1  0 02:52 ?        00:00:00 /usr/sbin/crond -l10
> root       763     1  0 02:52 ?        00:00:00 sendmail: accepting connections
> root       773     1  0 02:52 ?        00:00:00 /usr/sbin/httpd
> root       775     1  0 02:52 ?        00:00:00 /usr/sbin/gpm -m /dev/mouse -t i
> root       778     1  0 02:52 ?        00:00:00 [eth1]
> root       802     1  0 02:52 ?        00:00:00 smbd
> root       804     1  0 02:52 ?        00:00:00 nmbd
> root       805   804  0 02:52 ?        00:00:00 nmbd
> root       808     1  0 02:52 tty2     00:00:00 /sbin/agetty 38400 tty2 linux
> root       809     1  0 02:52 tty3     00:00:00 /sbin/agetty 38400 tty3 linux
> root       810     1  0 02:52 tty4     00:00:00 /sbin/agetty 38400 tty4 linux
> root       811     1  0 02:52 tty5     00:00:00 /sbin/agetty 38400 tty5 linux
> root       812     1  0 02:52 tty6     00:00:00 /sbin/agetty 38400 tty6 linux
> root       813   802  0 02:53 ?        00:00:00 smbd
> 
> I ran ftpwho and it showed only one ftp login.  I then ran netwatch and it
> showed two connections from different IP addresses.  I then ran tcpdump
> and it showed the follwing which got my attention.
> 
> 
> 03:14:36.904761 216-19-216-108.getnet.net.1041 > dsl-082-082-166-008.arcor-ip.net.3352: . 40961:42373(1412) ack 0 win 5840 (DF)
> 
> 03:14:47.336196 216-19-216-108.getnet.net.1040 > dialin-212-144-039-232.arcor-ip.net.blackjack: P 105985:106497(512) ack 0 win 5840 (DF)
> 
> What is this blackjack?  Will someone please let me know what kind of
> threat this is if any?  If it is a threat, what do I do about it?
> 
> Thanks
> 
> Jim
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change  you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> 
> 
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss