Message-ID: <000801c4305b$f1709160$0100a8c0@cparena1consol>
From: cheekypeople at sec33.com (Lee)
Subject: A rather newbie question

Like anything, it's all about what you may have or what they want. Your logs
show a few different ports, but port 60096 stands out. I get these logs all
day and get hit all day. What systems do you use? What bandwidth have you
got? Are you actually seeing a degradation in browsing performance? You may
just be a random product of the NET like the rest of us. Tell us a little
more about your system.

As far as nmap-ing, well, didn't know that was illegal, depends on your
country. Here's info from port 60096 anyways, hope it helps you.

Port number: 60096
> Common name(s): client-port on Red Hat Linux 9.0, Fedora Core 1, Red Hat
> Enterprise 3
>
> Common service(s): client
>
> Service description(s): Outgoing client connections from systems.
>
> Common server(s): RPC based services, Windows Messaging Service.
>
> Common client(s): All client software (SSH, Web clients, etc.)
>
> Common problem(s): Insecure client software
>
> Encrypted options: Not applicable
>
> Secure options: Not applicable
>
> Firewalling recommendations: Block inbound connections to client ports,
> allow outgoing connections and returning packets (keep state)
>
> Attack detection: As a general rule data coming in to client ports that is
> not part of an established connection is likely an attack. Exceptions exist
> of course, such as FTP, various instant messenger protocols, file sharing
> protocols, IRC's DCC, and so on.
>
> Related ports: 32768 and other client ports
>
> Related URL(s):
> http://seifried.org/security/os/linux/20011005-linux-port-behavior.html
>
> Other notes: Port 32768 is the first port used by the operating system for
> outbound connections, thus it is likely you will see outbound connections
> from port 32768 and up. If you run netstat on Red Hat Linux or UNIX you will
> see something like:
>
> [root@...ky web]# netstat -vatn
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State
> tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
> tcp        0      0 10.2.3.4:32768          10.3.4.5:22             ESTABLISHED
> tcp        0      0 10.2.3.4:32769          10.9.3.4:80             ESTABLISHED
>
>
>
> Lee @ STS
> http://www.seethrusec.co.uk
> Building Knowledge and Security..
> ----- Original Message -----
> From: "Schmidt, Michael R." <Michael.Schmidt@...obile.com>
> To: <full-disclosure@...ts.netsys.com>
> Sent: Sunday, May 02, 2004 8:41 AM
> Subject: [Full-Disclosure] A rather newbie question
>
>
>
> If someone could take a quick look through my log file - it is very simple
> and shows a bazillion requests that are being bounced off my firewall. I
> would really appreciate it. My ISP didn't care and didn't respond when I
> let him know about all this traffic that was wasting MY bandwidth. And then
> they were upset when I nmapped back to a few addresses and hit some upstream
> provider's router - oh well, live and learn. They told me they would
> terminate my contract if I kept that up. Hey, I was just trying to find out
> who the freaks were that are constantly attacking MY network.
>
> Anyway, what I am looking for is confirmation that even though I may be
> new - I am not losing my brains or paranoid, thanks.
>
> I have updated all my systems to the latest patch version - but I'll tell
> you, it is the users inside the firewall that cause the most problems. All
> our machines have antivirus, all have antispyware, but they are used by my
> kids and sometimes their friends, and therein lies the problem, but hanging
> out in the background with you guys has opened my eyes to the craziness out
> there. How is a "normal" citizen supposed to keep their computer safe on
> the Internet? I don't think it is possible.
>
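
The "keep state" rule and the attack-detection rule quoted in the message above, as an added example that is not part of the original post or the quoted port description. The Packet record, the function names and the sample traffic are constructed for illustration; the 32768 lower bound is taken from the quoted notes.

```python
from collections import namedtuple

# One observed packet at the firewall; "out" leaves the protected host, "in" arrives.
Packet = namedtuple("Packet", "direction proto src sport dst dport")

# Assumption: client ports start at 32768, as the quoted notes say for Red Hat.
CLIENT_PORT_MIN, CLIENT_PORT_MAX = 32768, 65535


def is_client_port(port):
    return CLIENT_PORT_MIN <= port <= CLIENT_PORT_MAX


def find_unsolicited(packets):
    """Return inbound packets to client ports that answer no earlier outbound flow."""
    state = set()  # (proto, local_ip, local_port, remote_ip, remote_port)
    flagged = []
    for p in packets:
        if p.direction == "out":
            # Keep state: remember the flow so the returning packets are allowed.
            state.add((p.proto, p.src, p.sport, p.dst, p.dport))
        elif is_client_port(p.dport):
            # Inbound: swap the endpoints and look for the flow we opened.
            if (p.proto, p.dst, p.dport, p.src, p.sport) not in state:
                flagged.append(p)
    return flagged


# Constructed sample traffic (10.2.3.4 is the local host from the netstat output;
# 192.0.2.x and 198.51.100.x are documentation addresses).
SAMPLE = [
    Packet("out", "tcp", "10.2.3.4", 32768, "10.3.4.5", 22),
    Packet("in", "tcp", "10.3.4.5", 22, "10.2.3.4", 32768),     # reply, has state
    Packet("in", "tcp", "192.0.2.7", 4431, "10.2.3.4", 60096),  # no state: flagged
    Packet("in", "udp", "10.3.4.5", 22, "10.2.3.4", 32768),     # wrong protocol: flagged
    Packet("in", "tcp", "192.0.2.9", 5000, "10.2.3.4", 80),     # server port: not judged here
    # Active-mode FTP: control connection out, data connection back in from port 20.
    Packet("out", "tcp", "10.2.3.4", 32769, "198.51.100.21", 21),
    Packet("in", "tcp", "198.51.100.21", 20, "10.2.3.4", 32770),  # legitimate, still flagged
]

if __name__ == "__main__":
    for pkt in find_unsolicited(SAMPLE):
        print("no matching state:", pkt)
```

The last sample packet is the FTP exception the quoted text names: a pure five-tuple match flags it, which is why stateful firewalls pair this rule with protocol-aware helpers for such traffic.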