I've had umpteen IPs knocking on this door yesterday. The router blocked them, so it's not a problem, but why that port?
Anne
Hi Anne.
2009/4/6 Anne Wilson cannewilson@googlemail.com:
I've had umpteen IPs knocking on this door yesterday. The router blocked them, so it's not a problem, but why that port?
Anne
I thought maybe it was a registered port so I checked my reference: ( http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers )
No luck there, sorry. But the list might be of use to you or others in the future.
Regards, Andrew
On Monday 06 April 2009 08:28:52 Spook ZA wrote:
Hi Anne.
2009/4/6 Anne Wilson cannewilson@googlemail.com:
I've had umpteen IPs knocking on this door yesterday. The router blocked them, so it's not a problem, but why that port?
Anne
I thought maybe it was a registered port so I checked my reference: ( http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers )
It wasn't on the list I have, either :-)
Anne
Anne Wilson wrote:
I've had umpteen IPs knocking on this door yesterday. The router blocked them, so it's not a problem, but why that port?
any chance you were running a torrent client, like to download the centos ISOs, which may have been using that port?
also, who knows, but there could be some new trojan/worm that listens on that port, so the botnets are trying to find each other... its more common for trojan/worms to connect out rather than in, but almost anything goes in the malware world...
On Mon, Apr 6, 2009 at 3:15 AM, Anne Wilson cannewilson@googlemail.com wrote:
I've had umpteen IPs knocking on this door yesterday. The router blocked them, so it's not a problem, but why that port?
It is related to Conflicker virus.
On Monday 06 April 2009 12:44:42 Kwan Lowe wrote:
On Mon, Apr 6, 2009 at 3:15 AM, Anne Wilson cannewilson@googlemail.com
wrote:
I've had umpteen IPs knocking on this door yesterday. The router blocked them, so it's not a problem, but why that port?
It is related to Conflicker virus.
I see. I normally have all ports closed and external checkers show the network as stealthed, but I had temporarily opened the IMAP port, which presumably drew the attention of the knockers. It's closed again now, but I will need to open in when I go on holiday as I collect mail from my server.
I open the IMAP inward port - I don't think I needed the outward one when I used this before - and I have fail2ban on the server, which stops repeated attempts at guessing the password. As far as I can see it has fully controlled the situation up to now. I'm just hoping that I have enough control in place.
Thanks to all who answered.
Anne
-
Anne Wilson -
John R Pierce -
Kwan Lowe -
Spook ZA