Security Basics mailing list archives

Re: Massive port probs on 3123


From: Joerg Over Dexia <over () dexia de>
Date: Fri, 13 Jun 2003 16:33:14 +0200

Hi.

At 19:03 12.06.2003 -0400, Dominick.S wrote the following to me:
->So I pick out one of the IPs and email the hostmaster about the attack,
->and this is his reply below. .. .. Hello,
->   These 'attacks' are you running KaZaA. This IP is your KaZaA supernode.
->Please learn how to use and understand your firewall.

There's something to that.

->I DON'T RUN KAZAA!!!
->WHY IS HE SAYING THIS CRAP!
->My network is very very small, and it's virus free and bot/trojan free.
->Firewall/Router, and desktops have Firewalls. Kazaa is nowhere
->installed!! AND... that isn't the right port for a supernode anyway!!!

Well, you're probably using a dialup connection with a dynamic IP.
Someone had your IP before you, and that someone might have had
Kazaa running. Somebody was downloading from him, or some people
are searching for stuff, and they still hit the IP you have now.
Kazaa is even ignoring TCP RSTs afaik, so that goes on. Happens
to all of us with dialup IPs. Nothing you can do.

->I'm getting very angry over here, what should I do?
->The port is blocked @ the firewall. What else should I do??

Don't look at your logs :)
Depending on the firewall, you can probably have them not logged.
Generally, the net is full of portscans, misdirected packets,
connections directed towards someone who had your IP before you
and other strange and wondrous things.
The attacks are there, too, and usually stupid. Some scans are
not more than statistical information gathering, many are just
stray packets. Just watch them sputter at your firewall like
insects on a front shield, and, rilly, _calm_down_.

hth, jo
