Security Incidents mailing list archives
"Authentication" attempts??
From: "Los, Ralph" <rlos () ENVESTNET COM>
Date: Sun, 25 Mar 2001 23:16:26 -0600
Perhaps someone could help me understand this...
I've been getting this from dozens of machines all accross the
Internet, aimed at one of my Exchange Server's private (NAT) address, coming
to port 113. As far as I know, port 113 is only used for IRC (Internet
Relay Chat) authentication...no?
<snip>
03/23/2001 16:49:08.480 - TCP connection dropped -
Source:<src-ip>, <src-prt>, Destination:192.168.34.2, 113
</snip>
The source IP's are completely random it seems, source ports are as well
(3105, 41259, 1931, 4675, 51134...and the list goes on). Does anyone know
what this would be? ...and perhaps WHY the target is my NAT address not the
public IP? Is this somehow tied to the mail server (Exchange 5.5) that is
the target?
Any insight is greatly appreciated,
Ralph M. Los
Sr. Internet Systems & Security Admin. (312) 827-3945 (direct)
EnvestNet Advisory Corp. (312) 296-9003 (wireless)
rlos () envestnet com
Current thread:
- "Authentication" attempts?? Los, Ralph (Mar 25)
- Re: "Authentication" attempts?? Peter Moody (Mar 26)
- Re: "Authentication" attempts?? Valdis Kletnieks (Mar 26)
- Re: "Authentication" attempts?? Chris Ess (Mar 26)
- <Possible follow-ups>
- Re: "Authentication" attempts?? Portnoy, Gary (Mar 26)
- Re: "Authentication" attempts?? Peter Moody (Mar 26)