On 17 Jul 2005, at 12:32, Timothy Murphy wrote:
> Most of these are targeted at ports 1026, 1027
> which I take to be some kind of ssh or ssl attack.
No - Calendar Access Protocol and ExoSee respectively - grep for the
number in /etc/services. ExoSee is some kind of personal file sharing
system, and I presume there is some Microsoft vulnerability on certain
machines providing CAP access.
> My question is, Should I be worried?
No - but you should be annoyed that these scumbags are interfering in
your life. You can spend the time trying to report them to their ISPs
but TBH it's pointless.
> Is there any chance that this attack will succeed at some point?
Yes, yes there is. All you need to do is
a) Have a Windows box inside your LAN running the vulnerable software.
b) Have your Shorewall box forwarding 1026 and 1027 to that Windows box.
There's a chance you'll win the lottery too.
> And is there anything more that I could or should do?
> (I'm running a standard shorewall firewall.)
Just make sure that your Shorewall only allows in just what you want,
and that the services thus exposed to the world are secure. You're most
likely doing that already. To check that, from a box in the outside
world, run
nmap publicIP.of.your.firewall
and check that all ports shown as open are intentionally open.
Niall
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
