Mailinglist Archive: opensuse-security (465 mails)

Re: [suse-security] port 445
  • From: "Erwin Zierler - stubainet.at" <erwin.zierler@xxxxxxxxxxxx>
  • Date: Mon, 03 Dec 2001 10:01:23 +0100
  • Message-id: <3C0B3F63.5070402@xxxxxxxxxxxx>
Hi,

I had portscans from pD9E10B41.dip.t-dialin.net which I reported to
abuse@xxxxxxxxxxxx. They answered within 24 hours and wrote:

"The user will be detected and we'll give him a warning."

I am not using portsentry but iplog, the portscan was very obvious
followed by an (unsuccessful) anon FTP connection attempt.
Typical script kiddy I guess.

To answer your question: check all your other logs for connection
attempts to all servers/daemons you run (just grep for the IP).
That should give you an idea what else happened.

Erwin

spiekey wrote:

Hello!

I am using logcheck and portsentry.
I read that port 445 is something from smb and not really a reason to worry
about, but well, it's an external IP which wanted to "do" something.
Something to worry about?

Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Dec 3 01:43:47 suse portsentry[5576]: attackalert: TCP SYN/Normal scan from
host: pD951A6F2.dip.t-dialin.net/217.81.166.242 to TCP port: 445
Dec 3 01:43:47 suse portsentry[5576]: attackalert: Host 217.81.166.242 has
been blocked via wrappers with string: "ALL: 217.81.166.242"

Thanks!
Spiekey





--
Erwin Zierler | web- / host- / postmaster - stubainet.at
| erwin.zierler@xxxxxxxxxxxx / webmaster@xxxxxxxxxxxx
| Tel.: 0 5225 - 64325 Fax 99 Mobil: 0664 - 130 67 91
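
The "grep for the IP" check suggested in the reply, written out as an added example that is not part of the original mail. It assumes one syslog entry per line; the function names are hypothetical, and every sample line except the two portsentry entries is constructed.

```shell
#!/bin/sh
# Added example: find what else a portsentry-reported scanner touched.
# Sample data: the portsentry lines follow the post; the rest is constructed.
sample_log() {
cat <<'EOF'
Dec  3 01:43:47 suse portsentry[5576]: attackalert: TCP SYN/Normal scan from host: pD951A6F2.dip.t-dialin.net/217.81.166.242 to TCP port: 445
Dec  3 01:43:47 suse portsentry[5576]: attackalert: Host 217.81.166.242 has been blocked via wrappers with string: "ALL: 217.81.166.242"
Dec  3 01:43:52 suse in.ftpd[5581]: refused connect from 217.81.166.242
Dec  3 01:44:10 suse sshd[5590]: Connection from 217.81.166.24 port 4022
Dec  3 01:45:02 suse sshd[5601]: Connection from 192.0.2.10 port 4100
EOF
}

# Print each distinct address that portsentry reported as a scan source.
# $1 = log file
scan_sources() {
    sed -n 's|.*portsentry\[[0-9]*]: attackalert: .* scan from host: [^/]*/\([0-9.]*\) to .*|\1|p' "$1" | sort -u
}

# Print entries from other daemons that mention the address.
# $1 = address, $2 = log file
# -F keeps the dots literal; -w stops 217.81.166.24 from matching
# inside 217.81.166.242, which a plain "grep IP" would do.
other_activity() {
    grep -v 'portsentry\[' "$2" | grep -Fw -- "$1"
}

# One section per scanning address, listing its other log entries.
report() {
    for ip in $(scan_sources "$1"); do
        echo "== $ip =="
        other_activity "$ip" "$1" || echo "(no other log entries)"
    done
}

# Use the log file given as first argument, or the constructed sample.
log=${1:-$(mktemp)}
[ -n "${1:-}" ] || sample_log > "$log"
report "$log"
```

Run it against each log the daemons write to (for example the files under /var/log), since portsentry and the services it sits beside may not log to the same file.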

