[CLUE-Talk] Quick firewall question

[Don Collier]

Those ports are definitely closed.  All logs show those packets dropped, but I was just curious if there was something new out there.  These attempts just started last week or maybe the week before.  

These attempts are showing up on two different boxes.  Both are on the same DSL line from ATT and both are closed to all of those ports.  One box is a gateway (with no one behind it yet) and the other is a mail server (only available to clients who ssh into the box)
  ----- Original Message ----- 
  From: Dave Hahn 
  To: clue-talk at clue.denver.co.us 
  Sent: Wednesday, January 29, 2003 9:06 AM
  Subject: Re: [CLUE-Talk] Quick firewall question


  Try 'netstat -apn' .  That will tell you which processes are connected to those ports.  You can decide from there if you need those ports and processes or not.

  Your firewall shouldn't really have any ports open unless you are sending those ports through DNAT to a machine behind the firewall.  

  If you need ports open, try to restrict, with iptables, who can access those ports.

  -d 

  On Wed, 2003-01-29 at 08:56, Don Collier wrote: 
    Hello all.  I have a real quick firewall question.  I have seen several hits on my firewall on about 5 separate ports.  The repetition of this looks almost virus like on their part.  
     
    The attempts try to get access to ports 3128 6588 80 8080 and 1080.  The attempts also come from several different addresses.
     
    My computer is connected directly to the WAN with no LAN link at all.  Only one nic.  Running RH 7.3 (fully patched) with iptables fw. 
        -- 
        Dave Hahn <dhahn at techangle.com>  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cluedenver.org/pipermail/clue-talk/attachments/20030129/43b85ec5/attachment.html