Date: Sun, 9 Jul 2000 13:53:16 -0400
From: "Troy Settle" <troy@picus.com>
To: <dave@allunix.com>, <freebsd-isp@freebsd.org>
Subject: RE: port 113(hack attack?)
Message-ID: <FCEELIAEIIECDGKKJLMIEEENCAAA.troy@picus.com>
In-Reply-To: <200007081646540580.0158100A@web4.allunix.com>

Install identd.  /usr/ports/security/pidentd

It will make some things work a bit faster.  IIRC, even sendmail and other MTAs will try an ident request these days.

--
Troy Settle
Network Analyst
Picus Communications
540.633.6327

-----Original Message-----
From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG] On Behalf Of David W. DeTinne
Sent: Saturday, July 08, 2000 7:47 PM
To: freebsd-isp@freebsd.org
Subject: port 113(hack attack?)

I have log_in_vain set in my rc.conf file. Ever since doing this I have witnessed all sorts of connection attempts to port 113, here are some examples;

Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2132
Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2133
Connection attempt to TCP 24.11.229.88:113 from 130.236.254.50:61744
Connection attempt to TCP 24.11.229.88:113 from 130.236.254.50:61746
Connection attempt to TCP 24.11.229.88:113 from 131.220.43.1:3056
Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2211
Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2228
Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2229
Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2234
Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2250
Connection attempt to TCP 24.11.229.88:113 from 209.161.0.33:2966
Connection attempt to TCP 24.11.229.88:113 from 203.178.141.212:4723

The /etc/services file states that port 113 is used for an Authentication Service?

My question is, what is happening here, is someone trying to access my system or is this normal?

Thank You,
David DeTinne
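
One way to triage log_in_vain output like the lines quoted above, as an added example that is not part of the original thread: ident (RFC 1413) queries come from servers the host itself has just connected to, so the script labels each source by whether it only touched TCP/113 and whether it appears in a list of outbound peers. The peer list and the last sample log line are constructed for illustration.

```python
import re
from collections import defaultdict

# Kernel message format produced when log_in_vain is set (as quoted above).
LINE_RE = re.compile(r"Connection attempt to (TCP|UDP) "
                     r"[\d.]+:(\d+) from ([\d.]+):\d+")
IDENT_PORT = 113  # "auth" in /etc/services: Identification Protocol, RFC 1413

# First four lines are from the message above; the last one is constructed.
SAMPLE_LOG = """\
Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2132
Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2133
Connection attempt to TCP 24.11.229.88:113 from 130.236.254.50:61744
Connection attempt to TCP 24.11.229.88:113 from 131.220.43.1:3056
Connection attempt to TCP 24.11.229.88:23 from 192.0.2.10:40000
"""
# Constructed assumption: servers this host recently connected out to,
# e.g. taken from the MTA log. Not data from the original post.
OUTBOUND_PEERS = {"216.190.128.200", "130.236.254.50"}

def parse(log_text):
    """Yield (proto, dst_port, src_ip) for every log_in_vain line."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group(1), int(m.group(2)), m.group(3)

def classify(log_text, outbound_peers):
    """Return {src_ip: (attempts, label)} for the closed-port hits in the log."""
    seen = defaultdict(lambda: [0, set()])
    for proto, dport, src in parse(log_text):
        seen[src][0] += 1
        seen[src][1].add((proto, dport))
    report = {}
    for src, (count, ports) in seen.items():
        if ports != {("TCP", IDENT_PORT)}:
            label = "other"            # tried a closed port other than 113
        elif src in outbound_peers:
            label = "ident-callback"   # only 113, and we connected to it first
        else:
            label = "ident-unmatched"  # only 113, no outbound connection on record
        report[src] = (count, label)
    return report

if __name__ == "__main__":
    for src, (n, label) in sorted(classify(SAMPLE_LOG, OUTBOUND_PEERS).items()):
        print(f"{src:16} {n:3} {label}")
```

Sources labelled ident-unmatched or other are the ones worth a closer look; ident-callback entries stop appearing in the log once an ident daemon is listening on port 113.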