<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; CHARSET=UTF-8">
<META content="MSHTML 6.00.2800.1126" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Those ports are definitely closed. All logs
show those packets dropped, but I was just curious if there was something new
out there. These attempts just started last week or maybe the week
before. </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>These attempts are showing up on two different
boxes. Both are on the same DSL line from ATT and both are closed to all
of those ports. One box is a gateway (with no one behind it yet) and the
other is a mail server (only available to clients who ssh into the
box)</FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=dhahn@techangle.com href="mailto:dhahn@techangle.com">Dave Hahn</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=clue-talk@clue.denver.co.us
href="mailto:clue-talk@clue.denver.co.us">clue-talk@clue.denver.co.us</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Wednesday, January 29, 2003 9:06
AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [CLUE-Talk] Quick firewall
question</DIV>
<DIV><BR></DIV>Try 'netstat -apn' . That will tell you which processes
are connected to those ports. You can decide from there if you need
those ports and processes or not.<BR><BR>Your firewall shouldn't really have
any ports open unless you are sending those ports through DNAT to a machine
behind the firewall. <BR><BR>If you need ports open, try to restrict,
with iptables, who can access those ports.<BR><BR>-d <BR><BR>On Wed,
2003-01-29 at 08:56, Don Collier wrote:
<BLOCKQUOTE TYPE="CITE"><FONT color=#737373 size=2><I>Hello all. I
have a real quick firewall question. I have seen several hits on my
firewall on about 5 separate ports. The repetition of this looks
almost virus like on their part. </FONT><BR><FONT color=#737373
size=3> </FONT><BR><FONT color=#737373 size=2>The attempts try to get
access to ports 3128 6588 80 8080 and 1080. The attempts also come
from several different addresses.</FONT><BR><FONT color=#737373
size=3> </FONT><BR><FONT color=#737373 size=2>My computer is connected
directly to the WAN with no LAN link at all. Only one nic.
Running RH 7.3 (fully patched) with iptables fw.</I></FONT> </BLOCKQUOTE>
<TABLE cellSpacing=0 cellPadding=0 width="100%">
<TBODY>
<TR>
<TD>-- <BR>Dave Hahn <<A
href="mailto:dhahn@techangle.com">dhahn@techangle.com</A>>
</TD></TR></TBODY></TABLE></BLOCKQUOTE></BODY></HTML>