| From: | Craig_Daines |
| Date: | 25 Jun 2001 at 23:20:34 |
| Subject: | Re: Internet Abuse and Port Hacks (reply) |
--- In amigactive@y..., "Neil Bothwick" <neil@w...> wrote:
> Craig_Daines said,
>
> > I am experiencing illegal ports opening via Miami. It's been happening
> > for some time now, even despite setting up a firewall in Miami strange
> > ports are popping up every now and then. I have turned on logging, and
> > am using syslog.library to collect evidence to pass to my ISP, as well
> > as scanning ports that are opened using GoPortScan to obtain service
> > information of ports opened.
>
> Ports shouldn't open if you don't have a server runing on hem. It's more
> likely that Miami is logging access attempts.
Well, ports are opening even if a server running on them: here is an
example of an illegal port attack which occured 2nite.
Access from host 211.162.94.1 to port tcp/111 allowed.
Lookup Enquiry of service port 111 reveals:-
TCP--sunrpc portmapper. Sun Remote Procedure Call/Portmapper.
NetInfo II lookup of this above host: UNKNOWN. Location Netherlands
dns FTP server.
> > What is the best thing to do in the event of abuse? I have passed the
> > logs onto my ISP and the ISP's of the hosts concerned, so hopefully
> > I've done the right thing 8)
>
> Most ISPs have an email address of abuse@isp for this sort of thing.
Yes I am aware of that, I have sent the log files to the ISP's
concerned.
> > Q2)
> > Some networks administrator information is not listed on some
> > networks. How do you go about looking them up?
>
> The RFCs state that mail for postmaster@domain must be accepted. If a
> mail to abuse@ files, try postmaster@
Thanks for your help.
Craig Daines
Technical Editor For 'The Crypt' Disk Magazine
http://www.thecryptmag.com
Quote carefully and read all ADMIN:README mails
To unsubscribe mailto:amigactive-unsubscribe@yahoogroups.com
Anyone sending unsubscribe messages to the list will be SHOT!
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/