Security Incidents mailing list archives
Re: Weird Incoming IP's and port numbers.
From: "West P." <god-admin () home com>
Date: Mon, 27 Aug 2001 21:52:10 -0400
At the time of these connections there are a lot of requests to AIM and MSN's messanger services. Two computers where running one of each. These connections are probably to get the ad's and ticker news. So if the answer lies as a badly configured HTTP server farm wouldn't others be getting the same requests? (Im sure there are other users that have the same setup using AIM and MSN) Another suggestion was that my NAT wasn't blocking it as it should. If this is the case, how is the person connecting to me with 192.168.1.x address? Wouldn't it be their NAT that wasn't changing their internal IP back to their external IP? Since these last entries I have blocked all 192.168.1.x address except the ones I am using, and I distanced the IP's so they are not just 2, 3, and 4. I also haven't received any more requests. -West P. ----- Original Message ----- From: West P. <god-admin () home com> To: <incidents () securityfocus com> Sent: Sunday, August 26, 2001 10:21 PM Subject: Weird Incoming IP's and port numbers.
I'm using @home internet cable. I have the linksys cable router + 4 port switch. This splits the connection to 3 computers in the house. DHCP is turned off. The Internal IPs are 192.168.1.x (2,3,4)... Over the past
day
I received a couple of weird INCOMING entries in the log. DATE TIME SCR SCR_PORT DEST DEST_PORT 08/25/2001 13:24:52 192.168.1.8 80 <my ip address>
3976
08/25/2001 19:04:42 192.168.1.16 80 <my ip address> 4319 08/25/2001 23:25:38 192.168.1.9 80 <my ip address>
4450
How is it possible that these are coming into the router from the outside? Is this an error on the router? Do any of these ports seem familiar. Extra note: When I tried to make a connection with these ports from
within
my network it refused the connection and didn't put it in the incoming or outgoing log. Is there an explanation for this? --------------------------------------------------------------------------
--
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Weird Incoming IP's and port numbers. West P. (Aug 27)
- Re: Weird Incoming IP's and port numbers. Hugo van der Kooij (Aug 29)
- Re: Weird Incoming IP's and port numbers. West P. (Aug 29)
- <Possible follow-ups>
- RE: Weird Incoming IP's and port numbers. NESTING, DAVID M (SBCSI) (Aug 29)
- RE: Weird Incoming IP's and port numbers. Vachon, Scott (Aug 29)
- RE: Weird Incoming IP's and port numbers. NESTING, DAVID M (SBCSI) (Aug 30)