Security....
James Kosin
jkosin at beta.intcomgrp.com
Tue Oct 26 16:41:51 UTC 2004
Eucke Warren wrote:
>>Everyone,
>>
>>I've actually had to lock down most ports on my server; because, I got
>>tired of all the attempts at attacks.
>>Everyone, please use a firewall. I've noticed many attacks to the
>>following ports:
>> 111 -- sunrpc ** this effects Linux machines
>> 135 -- DCE Endpoint Resolution
>> 137 -- netbios-ns
>> 139 -- netbios-ssn
>> 445 -- microsoft-ds ** these affects samba services as well.
>> 1433 -- ms-sql-s
>> 1434 -- ms-sql-m ** I don't know why SQL ports are being attacked.
>>
>> 1023 -- ???
>> 5554 -- ???
>> 9898 -- ??? ** this group may be related to PCAnywhere, or Worm, etc.
>>
>>The most active: port 445 by far!
>>
>>Just giving everyone a heads-up on the security issues.
>>James Kosin
>>
>>
>
>Good points James...you missed one though... port 22. I see more attempts on
>SSH than any other port....stupid and LAME attempts but more on this than
>any other...
>
>-Eucke
>
>
>
>
Yes, I missed that in the logs. They are so few attempts, I only got 2
during the one day I sampled. Of course, when they can connect, they
try several names.
I also left off ports: 55838, 1026, 1027, 4899, 1334, 1025,. 6129...
If anyone is interested, I can send a copy of the report or even the log
file information.
Thanks,
James Kosin
More information about the fedora-list
mailing list