Message-ID: <FDB337BA-520C-11D8-AAB8-000A959E8664@eecue.com>
From: eecue at eecue.com (eecue)
Subject: Port scans from a Dedicated Micro Digital Sprite II

On Jan 28, 2004, at 11:59 AM, Daniel H. Renner wrote:

> The unit's setup was changed from the original as below to as follows
> in an attempt to remove the router from the equation:
> Internet --- DSL modem --- switch --- DS2 with public IP

first of all i wouldn't connect a sprite to the internet... those boxes
belong on your internal network.  if you need to access it from outside
then use vpn.  i've used it and it works fine.

> Concurrent with EVERY attempt to access the DS2, a port scan was
> initiated from the DS2's address at the visiting address, and this can
> be reproduced at will.  For scan logs, see original email to vendor
> below.  (Public IPs modified.)

i think that your IDS is confused and really what happens is that when
the client software connects to the sprite it opens a bunch of ports (21
perhaps) and then the digital sprite connects back to your client on
those ports...

it's not really much of a port scan... maybe you should turn down the
sensitivity of your IDS's portscan detector.

btw those digital sprites rock..  they're multiple camera multiplexors
and hard drive recorders with time lapse recording built in.  and event
detection.  all in a nice little 1u rack mount box, but yeah keep it
off the internet.

-eek


....
A. David Bullock
eecue : programmer / designer / admin / human
http://eecue.com/
anything is possible


