On Sun 17 Jul 2005 13:25, Niall O Broin wrote:
> > Most of these are targeted at ports 1026, 1027
> > which I take to be some kind of ssh or ssl attack.
>> No - Calendar Access Protocol and ExoSee respectively - grep for the
> number in /etc/services. ExoSee is some kind of personal file sharing
> system, and I presume there is some Microsoft vulnerability on certain
> machines providing CAP access.
Thanks for the correction.
> > My question is, Should I be worried?
>> No - but you should be annoyed that these scumbags are interfering in
> your life. You can spend the time trying to report them to their ISPs
> but TBH it's pointless.
I've tried a couple of times emailing complaints
to addresses in China and Korea,
but as you say it has not been fruitful.
> > Is there any chance that this attack will succeed at some point?
>> Yes, yes there is. All you need to do is
> a) Have a Windows box inside your LAN running the vulnerable software.
> b) Have your Shorewall box forwarding 1026 and 1027 to that Windows box.
Well, as far as I can see, these packets are rejected as soon as they arrive,
so I don't think they could get to my grand-daughter's Windows machine.
> Just make sure that your Shorewall only allows in just what you want,
> and that the services thus exposed to the world are secure. You're most
> likely doing that already. To check that, from a box in the outside
> world, run
>> nmap publicIP.of.your.firewall
>> and check that all ports shown as open are intentionally open.
Thanks for the suggestion.
I've tried it out, and got quite a long list of ports:
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2005-07-17 15:24 BST
Interesting ports on 83-70-225-169.b-ras1.prp.dublin.eircom.net
(The 1020 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
110/tcp filtered pop3
143/tcp filtered imap
65301/tcp filtered pcanywhere
Nmap run completed -- 1 IP address (1 host up) scanned in 62.307 seconds
All of the ports say "filtered".
Does that mean I'm safe?
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!