| From: | Neil Bothwick |
| Date: | 25 Jun 2001 at 23:45:07 |
| Subject: | Re: Internet Abuse and Port Hacks (reply) |
Craig_Daines said,
> --- In amigactive@y..., "Neil Bothwick" <neil@w...> wrote:
>> Ports shouldn't open if you don't have a server running on hem. It's more
>> likely that Miami is logging access attempts.
> Well, ports are opening even if a server running on them: here is an
> example of an illegal port attack which occured 2nite.
A port cannot be opened if a server is not running on it, because here
is nothing to to answer any requests.
> Access from host 211.162.94.1 to port tcp/111 allowed.
That means that access to the port is allowed, but it goes no further if
you don't have a server running on port 111.
> Lookup Enquiry of service port 111 reveals:-
> TCP--sunrpc portmapper. Sun Remote Procedure Call/Portmapper.
111 is the standard port of the RPC port mapper, you probably don't
have this running unless you have installed NFS (Network File Service).
Portmap isn't run from InetD, you have to run it from a script called
when Miami starts up. If you are not doing so, then Mr 211.162.94.1 can
ring the bell and hammer on the door as much as he likes, there's no one
in to hear him.
>> > What is the best thing to do in the event of abuse? I have passed the
>> > logs onto my ISP and the ISP's of the hosts concerned, so hopefully
>> > I've done the right thing 8)
>>
>> Most ISPs have an email address of abuse@isp for this sort of thing.
> Yes I am aware of that, I have sent the log files to the ISP's
> concerned.
The situation is worsened by the fact that the owner of this computer
may not even be aware that it is port scanning. If he has inadvertently
installed a "Zombie" program on his PC, someone else will have access to
it and be able to run port scans and denial-of-service attacks.
Cheers
Neil
One size fits all: Doesn't fit anyone.
Quote carefully and read all ADMIN:README mails
To unsubscribe mailto:amigactive-unsubscribe@yahoogroups.com
Anyone sending unsubscribe messages to the list will be SHOT!
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/