Security Basics mailing list archives
Massive port probs on 3123
From: "Dominick.S" <dsardina () si rr com>
Date: Thu, 12 Jun 2003 19:03:59 -0400
Hey List:

Need ya help please.... I'm being attacked on port 3123 as you can see on my "Incoming" router log.

66.135.143.20 3123
212.126.10.100 3123
24.160.119.181 3123
66.135.143.20 3123
212.126.10.100 3123
66.135.143.20 3123
24.160.119.181 3123
66.135.143.20 3123
217.217.49.108 3123
66.135.143.20 3123
24.31.216.77 3123
217.217.49.108 3123
66.135.143.20 3123
217.217.49.108 3123
66.135.143.20 3123

So I pick out one of the IPs and email the hostmaster about the attack, and this is his reply below.

Hello,

These 'attacks' are you running KaZaA. This IP is your KaZaA supernode. Please learn how to use and understand your firewall.

-nm

----------------------------------------------
I DON'T RUN KAZAA!!!
WHY IS HE SAYING THIS CRAP!
My network is very very small, and it's virus free and bot/trojan free.
Firewall/Router, and desktops have Firewalls.
Kazaa is nowhere installed!!
AND... that isn't the right port for a supernode anyway!!!
----------------------------------------------

This is the letter I sent him..before his shitty reply.

Dominick.S wrote:
To whom it may concern:

Please have someone stop this machine from attacking my IP Address on port 3123. The attacking IP Address and Mask is below:

---------------------------------------------------------------------
Attacker IP Address: 66.135.130.125
Attacker HostName: ip125.citycenter.sfo.interquest.net
---------------------------------------------------------------------
Jun 12, 2003 20:37:26.359 UTC - (UDP) 66.135.130.125 : 2650 >>> my.ip.address : 3123
Jun 12, 2003 20:33:04.328 UTC - (UDP) 66.135.130.125 : 2650 >>> my.ip.address : 3123
Jun 12, 2003 20:30:30.234 UTC - (UDP) 66.135.130.125 : 2650 >>> my.ip.address : 3123
Jun 12, 2003 20:25:44.375 UTC - (UDP) 66.135.130.125 : 2650 >>> my.ip.address : 3123
Jun 12, 2003 20:25:43.218 UTC - (UDP) 66.135.130.125 : 2650 >>> my.ip.address : 3123
Jun 12, 2003 20:20:11.250 UTC - (UDP) 66.135.130.125 : 2650 >>> my.ip.address : 3123
Jun 12, 2003 20:10:45.375 UTC - (UDP) 66.135.130.125 : 2650 >>> my.ip.address : 3123
Jun 12, 2003 20:07:11.265 UTC - (UDP) 66.135.130.125 : 2650 >>> my.ip.address : 3123
Jun 12, 2003 20:04:48.343 UTC - (UDP) 66.135.130.125 : 2650 >>> my.ip.address : 3123
Jun 12, 2003 19:59:57.343 UTC - (UDP) 66.135.130.125 : 2650 >>> my.ip.address : 3123
Jun 12, 2003 19:54:49.359 UTC - (UDP) 66.135.130.125 : 2650 >>> my.ip.address : 3123
Jun 12, 2003 19:52:50.296 UTC - (UDP) 66.135.130.125 : 2650 >>> my.ip.address : 3123
Jun 12, 2003 19:47:16.375 UTC - (UDP) 66.135.130.125 : 2650 >>> my.ip.address : 3123

Please have someone take a look at this offending machine.

Thanks Again,
Dominick S.
I'm getting very angry over here, what should I do? The port is blocked @ the firewall. What else should I do??

Thanks for the help in Advance!!