Full Disclosure mailing list archives
Re: A rather newbie question
From: "Lee" <cheekypeople () sec33 com>
Date: Sun, 2 May 2004 16:41:01 +0100
Like anything, it's all about what you may have or what they want. Your logs show a few different ports, but port 60096 stands out. I get these logs all day and get hit all day. What systems do you use? What bandwidth have you got? Are you actually seeing a degrade in browsing performance? You may just be a random product of the NET like the rest of us. Tell us a little more about your system.

As far as nmap-ing, well, didn't know that was illegal, depends on your country. Here is info from port 60096 anyways, hope it helps you.

Port number: 60096
Common name(s): client-port on Red Hat Linux 9.0, Fedora Core 1, Red Hat Enterprise 3
Common service(s): client
Service description(s): Outgoing client connections from systems.
Common server(s): RPC based services, Windows Messaging Service.
Common client(s): All client software (SSH, Web clients, etc.)
Common problem(s): Insecure client software
Encrypted options: Not applicable
Secure options: Not applicable
Firewalling recommendations: Block inbound connections to client ports, allow outgoing connections and returning packets (keep state)
Attack detection: As a general rule data coming in to client ports that is not part of an established connection is likely an attack. Exceptions exist of course, such as FTP, various instant messenger protocols, file sharing protocols, IRC's DCC, and so on.
Related ports: 32768 and other client ports
Related URL(s): http://seifried.org/security/os/linux/20011005-linux-port-behavior.html
Other notes: Port 32768 is the first port used by the operating system for outbound connections, thus it is likely you will see outbound connections from port 32768 and up. If you run netstat on Red Hat Linux or UNIX you will see something like:

[root@funky web]# netstat -vatn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 10.2.3.4:32768          10.3.4.5:22             ESTABLISHED
tcp        0      0 10.2.3.4:32769          10.9.3.4:80             ESTABLISHED

Lee @ STS
http://www.seethrusec.co.uk
Building Knowledge and Security..

----- Original Message -----
From: "Schmidt, Michael R." <Michael.Schmidt () T-Mobile com>
To: <full-disclosure () lists netsys com>
Sent: Sunday, May 02, 2004 8:41 AM
Subject: [Full-disclosure] A rather newbie question

If someone could take a quick look through my log file - it is very simple and shows a bazillion requests that are being bounced off my firewall. I would really appreciate it. My ISP didn't care and didn't respond when I let him know about all this traffic that was wasting MY bandwidth. And then they were upset when I nmapped back to a few addresses and hit some upstream provider's router - oh well, live and learn. They told me they would terminate my contract if I kept that up. Hey, I was just trying to find out who the freaks were that are constantly attacking MY network.

Anyway, what I am looking for is confirmation that even though I may be new - I am not losing my brains or paranoid, thanks.

I have updated all my systems to the latest patch version - but I'll tell you, it is the users inside the firewall that cause the most problems. All our machines have antivirus, all have antispyware, but they are used by my kids and sometimes their friends, and therein lies the problem, but hanging out in the background with you guys has opened my eyes to the craziness out there. How is a "normal" citizen supposed to keep their computer safe on the Internet? I don't think it is possible.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
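
The "keep state" rule and the attack-detection heuristic quoted in the port entry above, as an added example that is not part of the original message or of any poster's setup. The 32768-61000 client port range, the listening port 80, the Packet record and the sample traffic are assumptions constructed for illustration; the exceptions the entry names (FTP, DCC and so on) are not handled.

```python
from typing import NamedTuple

# Assumption: 32768-61000 was the usual Linux ephemeral (client) port range.
CLIENT_PORTS = range(32768, 61001)

class Packet(NamedTuple):
    direction: str  # "out" leaves the protected host, "in" arrives at it
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # TCP flags: S=SYN, A=ACK, R=RST

def classify(packets, listening=frozenset({80})):
    """Return a verdict per packet: allow, drop, or drop-suspicious."""
    state = set()   # (local ip, local port, remote ip, remote port)
    verdicts = []
    for p in packets:
        if p.direction == "out":
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == "S":
                state.add(key)          # outbound SYN creates state
            verdicts.append("allow")
        else:
            key = (p.dst, p.dport, p.src, p.sport)
            if key in state or p.dport in listening:
                verdicts.append("allow")   # returning packet or public service
            elif p.dport in CLIENT_PORTS:
                verdicts.append("drop-suspicious")  # no state: likely a probe
            else:
                verdicts.append("drop")
        if "R" in p.flags:
            state.discard(key)          # a reset tears the connection down
    return verdicts

# Constructed sample traffic (not taken from the poster's log).
SAMPLE = [
    Packet("out", "10.2.3.4", 32768, "10.3.4.5", 22, "S"),
    Packet("in", "10.3.4.5", 22, "10.2.3.4", 32768, "SA"),
    Packet("in", "192.0.2.10", 4444, "10.2.3.4", 60096, "S"),
    Packet("in", "192.0.2.10", 4445, "10.2.3.4", 80, "S"),
    Packet("in", "192.0.2.10", 4446, "10.2.3.4", 135, "S"),
    Packet("in", "10.3.4.5", 22, "10.2.3.4", 32768, "R"),
    Packet("in", "10.3.4.5", 22, "10.2.3.4", 32768, "A"),
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, classify(SAMPLE)):
        print(f"{verdict:16} {pkt.direction} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} [{pkt.flags}]")
```

The last sample packet is flagged even though it targets a port the host really used: once the reset has removed the state entry, later traffic to 10.2.3.4:32768 is no longer part of an established connection.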