Date: Sun, 9 Jul 2000 13:53:16 -0400
From: "Troy Settle" <troy@picus.com>
To: <dave@allunix.com>, <freebsd-isp@freebsd.org>
Subject: RE: port 113(hack attack?)
Message-ID: <FCEELIAEIIECDGKKJLMIEEENCAAA.troy@picus.com>
In-Reply-To: <200007081646540580.0158100A@web4.allunix.com>

Install identd. /usr/ports/security/pidentd

It will make some things work a bit faster. IIRC, even sendmail and other MTAs will try an ident request these days.

--
Troy Settle
Network Analyst
Picus Communications
540.633.6327

-----Original Message-----
From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG] On Behalf Of David W. DeTinne
Sent: Saturday, July 08, 2000 7:47 PM
To: freebsd-isp@freebsd.org
Subject: port 113(hack attack?)

I have log_in_vain set in my rc.conf file. Ever since doing this I have witnessed all sorts of connection attempts to port 113, here are some examples;

Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2132
Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2133
Connection attempt to TCP 24.11.229.88:113 from 130.236.254.50:61744
Connection attempt to TCP 24.11.229.88:113 from 130.236.254.50:61746
Connection attempt to TCP 24.11.229.88:113 from 131.220.43.1:3056
Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2211
Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2228
Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2229
Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2234
Connection attempt to TCP 24.11.229.88:113 from 216.190.128.200:2250
Connection attempt to TCP 24.11.229.88:113 from 209.161.0.33:2966
Connection attempt to TCP 24.11.229.88:113 from 203.178.141.212:4723

The /etc/services file states that port 113 is used for an Authentication Service?

My question is, what is happening here, is someone trying to access my system or is this normal?

Thank You,
David DeTinne
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?FCEELIAEIIECDGKKJLMIEEENCAAA.troy>
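
Added example, not part of the original e-mail thread: a sketch of the RFC 1413 ident exchange that a remote server attempts when it connects back to TCP port 113, showing the query it sends and the replies an ident daemon can give. The connection table, the local port 1042, the user name "dave" and the hide_users option are constructed assumptions; this is not pidentd's code.

```python
import re

# RFC 1413 query: "<port-on-server> , <port-on-client>" + CRLF, sent to TCP 113.
# "server" is the host being asked, i.e. the machine that made the outbound
# connection and is now receiving the callback on port 113.
QUERY_RE = re.compile(rb"\s*(\d{1,5})\s*,\s*(\d{1,5})\s*")


def parse_query(line: bytes):
    """Return (local_port, remote_port), or None if the query is malformed."""
    m = QUERY_RE.fullmatch(line.rstrip(b"\r\n"))
    if m is None:
        return None
    local, remote = int(m.group(1)), int(m.group(2))
    if not (1 <= local <= 65535 and 1 <= remote <= 65535):
        return None
    return local, remote


def answer(line: bytes, peer_ip: str, connections: dict, hide_users: bool = False) -> bytes:
    """Build the reply an ident daemon would send to the host at peer_ip.

    connections maps (local_port, remote_ip, remote_port) -> local user name.
    The lookup includes peer_ip, so a host can only ask about connections
    that terminate at its own address.
    """
    ports = parse_query(line)
    if ports is None:
        # Echoing "0 , 0" for an unparseable query is a choice made here.
        return b"0 , 0 : ERROR : INVALID-PORT\r\n"
    local, remote = ports
    prefix = b"%d , %d : " % (local, remote)
    user = connections.get((local, peer_ip, remote))
    if user is None:
        return prefix + b"ERROR : NO-USER\r\n"
    if hide_users:
        return prefix + b"ERROR : HIDDEN-USER\r\n"
    return prefix + b"USERID : UNIX : " + user.encode("ascii") + b"\r\n"


# Constructed sample: the host from the post has an outbound SMTP connection
# from local port 1042 to 216.190.128.200:25, owned by local user "dave".
CONNECTIONS = {(1042, "216.190.128.200", 25): "dave"}

if __name__ == "__main__":
    print(answer(b"1042 , 25\r\n", "216.190.128.200", CONNECTIONS))
    print(answer(b"1042 , 25\r\n", "130.236.254.50", CONNECTIONS))
```

A USERID reply discloses a local account name to the remote host, which is why the example includes the HIDDEN-USER path as an alternative answer.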
