The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Active Attack

Discussion in 'General Discussion' started by ehsan, Jan 27, 2002.

  1. ehsan

    ehsan Well-Known Member

    Joined:
    Dec 11, 2001
    Messages:
    185
    Likes Received:
    0
    Trophy Points:
    316
    every single day i have a long report of active attack to my server.
    like :

    Connect from host: 217.219.3.132/217.219.3.132 to TCP port: 2000
    attackalert: Host: 217.219.3.132 is already blocked. Ignoring
    attackalert: Connect from host: raq569.uk2net.com/213.239.56.150




    what are these ? and where can i found a description for tcp/ip ports like 2000 or 111

    Thank you guys,
     
    #1 ehsan, Jan 27, 2002
  2. Juanra

    Juanra Well-Known Member

    Joined:
    Sep 22, 2001
    Messages:
    777
    Likes Received:
    0
    Trophy Points:
    316
    Location:
    Spain
    Maybe you\'ll find this useful:
    http://www.robertgraham.com/pubs/firewall-seen.html

    Says nothing about port 2000 though.

    See http://archives.neohapsis.com/archives/sf/ms/2001-q4/0181.html
     
    #2 Juanra, Jan 27, 2002
  3. ehsan

    ehsan Well-Known Member

    Joined:
    Dec 11, 2001
    Messages:
    185
    Likes Received:
    0
    Trophy Points:
    316
    Thank you,
    great links.
    any body else has the same reports?
     
    #3 ehsan, Jan 27, 2002
  4. Koi

    Koi Registered

    Joined:
    Jan 27, 2002
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    301
    http://www.snort.org/ports.html
     
    #4 Koi, Jan 27, 2002
  5. hedgehog

    hedgehog Well-Known Member

    Joined:
    Nov 3, 2001
    Messages:
    122
    Likes Received:
    0
    Trophy Points:
    316
    I get them daily, contacted my provider about it wand he said it was nothing about unless you have security holes on your system...
     
    #5 hedgehog, Jan 28, 2002
  6. TRAIN YARD SOFTWARE

    TRAIN YARD SOFTWARE Well-Known Member

    Joined:
    Dec 20, 2001
    Messages:
    224
    Likes Received:
    0
    Trophy Points:
    316
    We get these 1000 page emails also

    We get these 1000 page emails also :

    Feb 19 07:58:01 steam portsentry[2555]: attackalert: Connect from host: 66.28.166.12/66.28.166.12 to TCP port: 111
    Feb 19 07:58:01 steam portsentry[2555]: attackalert: Connect from host: 66.28.166.12/66.28.166.12 to TCP port: 111
    Feb 19 07:58:01 steam portsentry[2555]: attackalert: Host: 66.28.166.12 is already blocked. Ignoring
    Feb 19 07:58:02 steam portsentry[2555]: attackalert: Connect from host: 66.28.166.12/66.28.166.12 to TCP port: 111
    Feb 19 07:58:02 steam portsentry[2555]: attackalert: Host: 66.28.166.12 is already blocked. Ignoring
    Feb 19 07:58:02 steam portsentry[2555]: attackalert: Connect from host: 66.28.166.12/66.28.166.12 to TCP port: 111
     
    #6 TRAIN YARD SOFTWARE, Feb 20, 2002
  7. TRAIN YARD SOFTWARE

    TRAIN YARD SOFTWARE Well-Known Member

    Joined:
    Dec 20, 2001
    Messages:
    224
    Likes Received:
    0
    Trophy Points:
    316
    also in this email

    also in this email how do we fix this?

    Feb 19 04:03:35 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS2.TRAINYARDSOFTWARE.NET?
    Feb 19 04:03:36 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS1.TRAINYARDSOFTWARE.NET?
    Feb 19 04:03:36 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS2.TRAINYARDSOFTWARE.NET?
    Feb 19 04:03:37 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS1.TRAINYARDSOFTWARE.NET?
    Feb 19 04:03:37 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS2.TRAINYARDSOFTWARE.NET?
    Feb 19 04:03:38 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS1.TRAINYARDSOFTWARE.NET?

    this is huge errors everyday
     
    #7 TRAIN YARD SOFTWARE, Feb 20, 2002
(You must log in or sign up to post here.)
Loading...
Similar Threads - Active Attack
  1. DennisMidjord

    We're shutting down nameservers - what about active domains?

    DennisMidjord, Jun 22, 2017 at 6:06 AM, in forum: Bind / DNS / Nameserver Issues
    Replies:
    4
    Views:
    54
    cPanelMichael
    Jun 22, 2017 at 9:38 AM
  2. e0xbr

    Unresponsive PHP-FPM & chkservd active

    e0xbr, May 12, 2017, in forum: General Discussion
    Replies:
    1
    Views:
    77
    cPanelMichael
    May 12, 2017
  3. bryancs

    SOLVED Free trial license active but asks activation

    bryancs, May 1, 2017, in forum: General Discussion
    Replies:
    2
    Views:
    168
    cPanelMichael
    May 2, 2017
  4. 360webfirm

    SSL Not active anymore on my WHM

    360webfirm, Apr 21, 2017, in forum: Security
    Replies:
    4
    Views:
    111
    cPanelMichael
    Apr 25, 2017
  5. gx-estudio

    Unauthenticated email and dkim, spf is active

    gx-estudio, Jan 3, 2017, in forum: E-mail Discussions
    Replies:
    9
    Views:
    406
    cPanelMichael
    Jan 24, 2017

Share This Page