Security Incidents mailing list archives
Re: "Authentication" attempts??
From: Chris Ess <azarin () RYOKO MERSEINE NU>
Date: Mon, 26 Mar 2001 01:06:17 -0500
Perhaps someone could help me understand this... I've been getting this from dozens of machines all accross the Internet, aimed at one of my Exchange Server's private (NAT) address, coming to port 113. As far as I know, port 113 is only used for IRC (Internet Relay Chat) authentication...no?
Port 113 is used for identd/authentication. Some IRC servers use it.... But that's not all. Many servers, especially mail servers, can request ident authentication.
The source IP's are completely random it seems, source ports are as well (3105, 41259, 1931, 4675, 51134...and the list goes on). Does anyone know what this would be? ...and perhaps WHY the target is my NAT address not the public IP?
How does your mail server identify itself to the outside? Is it by IP or by hostname? And does the hostname resolve to the external IP rather than the internal one? --CAE Kujikenaikara! Sub caelo noctis sto quod stellae mihi spem dant.
Current thread:
- "Authentication" attempts?? Los, Ralph (Mar 25)
- Re: "Authentication" attempts?? Peter Moody (Mar 26)
- Re: "Authentication" attempts?? Valdis Kletnieks (Mar 26)
- Re: "Authentication" attempts?? Chris Ess (Mar 26)
- <Possible follow-ups>
- Re: "Authentication" attempts?? Portnoy, Gary (Mar 26)
- Re: "Authentication" attempts?? Peter Moody (Mar 26)