How do you think worms, etc. spread? Of course they go around randomly
knocking on ports to see if they're open... Try putting an unpatched
IIS box on an open pipe and count the seconds until it's hit... Average
life expectancy is around seven minutes...
Any port can be used by any service/daemon, legitimate or otherwise...
In fact you can replace a legitimate service on a box with something
nefarious very easily... If you allow web access to your box through your
firewall and I have an exploit for your type of web server, I can make
your machine connect back out to an ftp box of my choice, download my
favourite rootkit/backdoor or just good old-fashioned netcat and then
run this bound to a port that's already allowed through your firewall,
i.e. ssh tcp 22.
I would suggest that you do a little bit of reading at
www.securityfocus.com and in particular search for rootkits, backdoors
and zombies...
As for not highlighting what you found through google, maybe you should
have googled first and asked questions later... Specific questions get
specific answers! ;-)
Cheers,
ojc
Timothy Murphy wrote:
>I asked a little while ago about interpreting LogWatches,
>and was surprised that none of the responses highlighted
>what now seems to me - after a little googly research - the essential point,
>namely that what matters is not the IP address of dropped packets
>but the port they are trying to access.
>For example, I see that in yesterday's LogWatch
>about one fifth of the 157 dropped packets targeted port 15118,
>which I see from <http://www.linklogger.com/commonscans.htm>
>is a DipnetOddbob worm.
>About half the ports targeted seem associated with known attacks.
>The remainder seem mostly to consist of scans from one address
>targeting a large range of ports, eg 63 packets from 62.73.129.165
>scanning ports in the 32000 range.
>Why would anyone try that?
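The point Timothy raises (look at the destination port, not the source address) and the pattern he describes (one address sweeping a range of ports) can both be pulled straight out of the raw iptables LOG lines that LogWatch summarises. The script below is an added example and is not part of either message in this thread; the log lines in it are constructed in the kernel/syslog format iptables emits, with addresses from the RFC 5737 documentation ranges, and the "DROP" log prefix and the sweep threshold of four distinct ports are assumptions.

```python
"""Tally dropped packets by destination port and flag single-source port sweeps.

Added example, not from the original thread. Parses iptables LOG lines of
the form ``... kernel: DROP IN=eth0 OUT= SRC=a.b.c.d DST=... PROTO=TCP
SPT=n DPT=n ...`` (the "DROP" prefix is assumed to be what --log-prefix
was set to on the firewall).
"""
from collections import Counter, defaultdict

# Constructed sample log, not real traffic. Addresses are from the RFC 5737
# documentation ranges; port 15118 and the 32000 range mirror the thread.
SAMPLE_LOG = """\
Mar  3 02:11:07 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=4021 DPT=15118 SYN
Mar  3 02:11:09 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.8 DST=192.0.2.10 PROTO=TCP SPT=3344 DPT=15118 SYN
Mar  3 02:12:40 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=1025 DPT=32000 SYN
Mar  3 02:12:40 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=1026 DPT=32001 SYN
Mar  3 02:12:41 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=1027 DPT=32002 SYN
Mar  3 02:12:41 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=1028 DPT=32003 SYN
Mar  3 02:12:42 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=1029 DPT=32004 SYN
Mar  3 02:13:05 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=UDP SPT=1434 DPT=1434 LEN=396
Mar  3 02:14:18 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=51022 DPT=15118 SYN
Mar  3 02:15:00 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.21 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
"""


def parse_drops(log_text, prefix="DROP"):
    """Return one dict per dropped packet that carries a destination port.

    ICMP entries have no DPT= field and are skipped; they are not port probes.
    """
    records = []
    for line in log_text.splitlines():
        if prefix not in line:
            continue
        # Every KEY=VALUE token becomes a field; bare tokens like SYN are ignored.
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        if "SRC" not in fields or "DPT" not in fields:
            continue
        records.append({
            "src": fields["SRC"],
            "proto": fields.get("PROTO", "?"),
            "dpt": int(fields["DPT"]),
        })
    return records


def drops_by_port(records):
    """Count drops per (protocol, destination port): the worm/scanner view."""
    return Counter((r["proto"], r["dpt"]) for r in records)


def find_port_sweeps(records, min_ports=4):
    """Sources that hit at least ``min_ports`` distinct ports (range scans)."""
    ports_by_src = defaultdict(set)
    for r in records:
        ports_by_src[r["src"]].add(r["dpt"])
    return {src: sorted(ports) for src, ports in ports_by_src.items()
            if len(ports) >= min_ports}


if __name__ == "__main__":
    recs = parse_drops(SAMPLE_LOG)
    print("dropped packets by destination port:")
    for (proto, port), n in drops_by_port(recs).most_common():
        print(f"  {proto}/{port:<6} {n}")
    print("single-source port sweeps:")
    for src, ports in find_port_sweeps(recs).items():
        print(f"  {src}: {len(ports)} ports, {ports[0]}-{ports[-1]}")
```

Run it against `/var/log/messages` (or wherever your syslog sends kernel messages) by feeding the file contents to `parse_drops`; the per-port counter is the list to check against a reference such as the commonscans page quoted above, and the sweep list is the "one address, many ports" pattern that is reconnaissance rather than a specific worm.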