
Re: [cobalt-users] portsenty



Robert Morse wrote:

I have been seeing a lot of attackalerts on our RAQ2 like this lately:

Feb 20 04:42:32 admin portsentry[1312]: attackalert: Connect from host:
client302.gdal1.hawkcommunications.com/64.63.216.141 to TCP port: 1080

Anybody know what that means? Or better yet, how to stop it? How can I
shut down port 1080? I don't think we are using it on the server.

Hi,

http://www.dshield.org/ports/port1080.php
http://www.sans.org/resources/idfaq/irc.php

Hmm... you cannot shut down the port, it's just a
"port scanning" attempt to find out if you have that
port open. Since you do not have it open, well...

You can email the admin at hawkcommunications.com and
lodge a complaint, or assuming you have your own firewall,
ban that IP totally. However, if that is a dialup user
or broadband user, banning the IP won't work. Firstly,
since he has found that you have nothing on port 1080,
he will most likely move on. Secondly, he can always
dial up on another IP and start scanning you all over
again. How much of the Internet can you afford to ban? :P

Anyway, I suggest taking the log and passing it to the
admin(s) at hawkcomms for a start. :)

Regards.
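
Added example, not part of the original post or of portsentry: a small Python script that pulls the "Connect from host" attackalert lines out of syslog and groups them per source, giving the excerpt the reply suggests sending to the remote admin. It assumes the single-line form of the alert quoted above; the function names and every sample line except the first are constructed for illustration.

```python
import re

# The "Connect from host" attackalert form quoted in this thread. On disk it is
# one syslog line; the mail client wrapped it.
ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ portsentry\[\d+\]: "
    r"attackalert: Connect from host: (?P<name>[^/\s]+)/(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"to (?P<proto>TCP|UDP) port: (?P<port>\d+)")

def summarize(lines):
    """Group alerts by source IP: reverse name, first/last time, ports, raw lines."""
    hosts = {}
    for line in lines:
        m = ALERT_RE.match(line.strip())
        if not m:
            continue  # not a connect alert (other daemons, other portsentry messages)
        h = hosts.setdefault(m["ip"], {"name": m["name"], "first": m["ts"],
                                       "ports": set(), "evidence": []})
        h["last"] = m["ts"]  # syslog is chronological, so the latest match wins
        h["ports"].add((int(m["port"]), m["proto"].lower()))
        h["evidence"].append(line.strip())
    return hosts

def abuse_report(ip, host):
    """Text block for one source, ready to paste into a mail to its abuse contact."""
    ports = ", ".join(f"{port}/{proto}" for port, proto in sorted(host["ports"]))
    return (f"Source: {host['name']} [{ip}]\n"
            f"Ports probed: {ports}\n"
            f"First/last seen (server clock): {host['first']} / {host['last']}\n"
            "Log excerpt:\n" + "\n".join("  " + e for e in host["evidence"]))

# First line is the alert from the post; the rest are constructed sample data
# (documentation addresses, hypothetical host names).
SAMPLE = """\
Feb 20 04:42:32 admin portsentry[1312]: attackalert: Connect from host: client302.gdal1.hawkcommunications.com/64.63.216.141 to TCP port: 1080
Feb 20 04:42:40 admin portsentry[1312]: attackalert: Connect from host: scanner.example.net/192.0.2.77 to TCP port: 1080
Feb 20 04:43:05 admin portsentry[1312]: attackalert: Connect from host: scanner.example.net/192.0.2.77 to TCP port: 8080
Feb 20 04:43:09 admin sshd[2201]: Accepted password for admin from 198.51.100.5 port 4022 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, host in summarize(SAMPLE).items():
        print(abuse_report(ip, host), end="\n\n")
```

Syslog timestamps carry no year or time zone, so state both when forwarding the excerpt.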