Re: [pmfirewall] Help... Could someone here give me some security tips?

From: Steve Kaiser (skaiser@larsonwi.com)
Date: Thu Mar 08 2001 - 12:01:39 PST

• Next message: Mark Ramsden: "Re: [pmfirewall] SAMBA From External IP"
• Previous message: Allen Ahoffman: "Re: [pmfirewall] PmFirewall should be continued"
• In reply to: Geoffrey Sadler: "RE: [pmfirewall] Help... Could someone here give me some security tips?"
• Next in thread: EL CiD: "Re: [pmfirewall] Help... Could someone here give me some security tips?"

Someone is trying to connect to your SunRPC portmap port, often the
first step in scanning a system. See

    http://www.robertgraham.com/pubs/firewall-seen.html#1.1

Geoffrey Sadler wrote:

> It is trying to connect to your port 111. You got it backwards.
>
> -----Original Message-----
> From: owner-pmfirewall@pointman.org
> [mailto:owner-pmfirewall@pointman.org]On Behalf Of EL CiD
> Sent: Thursday, March 08, 2001 11:45 AM
> To: pmfirewall@pointman.org
> Subject: [pmfirewall] Help... Could someone here give me
> some security tips?
>
> Reading my log files.. I found the following Mar 7 16:57:21
> pinolero kernel: Packet log: input DENY eth0 PROTO=6
> 216.221.215.98:1762 65.180.26.26:111 L=60 S=0x00 I=11257
> F=0x4000 T=51 SYN (#50) From what I can understand, this
> IP 216.221.215.98 tried to connect to port 1762. Does
> anyone here knows what port 1762 does? Also, I did a Whois
> on this Ip , and this is the info I got. Pinging
> dns.openvenue.net [216.221.215.98] with 32 bytes of
> data: So its a DNS server... . I do run my own dns server,
> but why in hell would another DNS server tried to contact
> mine at port 1762?? Please any info will be appreciated
>

****************************************************************************
* To UNSUBSCRIBE from the list, send a message with "unsubscribe pmfirewall"
* in the message body to majordomo@pointman.org. Please direct other
* questions, comments, or problems to pmfirewall-owner@pointman.org.
*
* Need answers fast? Check the list archive located at:
* http://www.pointman.org/PMFirewall/list-archive/
*
****************************************************************************
* To UNSUBSCRIBE from the list, send a message with "unsubscribe pmfirewall"
* in the message body to majordomo@pointman.org. Please direct other
* questions, comments, or problems to pmfirewall-owner@pointman.org.
*
* Need answers fast? Check the list archive located at:
* http://www.pointman.org/PMFirewall/list-archive/
*

• Next message: Mark Ramsden: "Re: [pmfirewall] SAMBA From External IP"
• Previous message: Allen Ahoffman: "Re: [pmfirewall] PmFirewall should be continued"
• In reply to: Geoffrey Sadler: "RE: [pmfirewall] Help... Could someone here give me some security tips?"
• Next in thread: EL CiD: "Re: [pmfirewall] Help... Could someone here give me some security tips?"

This archive was generated by hypermail 2b29 : Sun Jun 10 2001 - 02:40:33 PDT