Active Attack

ehsan · Jan 27, 2002

every single day i have a long report of active attack to my server.
like :

Connect from host: 217.219.3.132/217.219.3.132 to TCP port: 2000
attackalert: Host: 217.219.3.132 is already blocked. Ignoring
attackalert: Connect from host: raq569.uk2net.com/213.239.56.150

what are these ? and where can i found a description for tcp/ip ports like 2000 or 111

Thank you guys,

Juanra · Jan 27, 2002

Maybe you\'ll find this useful:
http://www.robertgraham.com/pubs/firewall-seen.html

Says nothing about port 2000 though.

See http://archives.neohapsis.com/archives/sf/ms/2001-q4/0181.html

ehsan · Jan 27, 2002

Thank you,
great links.
any body else has the same reports?

Koi · Jan 27, 2002

http://www.snort.org/ports.html

hedgehog · Jan 28, 2002

I get them daily, contacted my provider about it wand he said it was nothing about unless you have security holes on your system...

TRAIN YARD SOFTWARE · Feb 20, 2002

We get these 1000 page emails also

We get these 1000 page emails also :

Feb 19 07:58:01 steam portsentry[2555]: attackalert: Connect from host: 66.28.166.12/66.28.166.12 to TCP port: 111
Feb 19 07:58:01 steam portsentry[2555]: attackalert: Connect from host: 66.28.166.12/66.28.166.12 to TCP port: 111
Feb 19 07:58:01 steam portsentry[2555]: attackalert: Host: 66.28.166.12 is already blocked. Ignoring
Feb 19 07:58:02 steam portsentry[2555]: attackalert: Connect from host: 66.28.166.12/66.28.166.12 to TCP port: 111
Feb 19 07:58:02 steam portsentry[2555]: attackalert: Host: 66.28.166.12 is already blocked. Ignoring
Feb 19 07:58:02 steam portsentry[2555]: attackalert: Connect from host: 66.28.166.12/66.28.166.12 to TCP port: 111

TRAIN YARD SOFTWARE · Feb 20, 2002

also in this email

also in this email how do we fix this?

Feb 19 04:03:35 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS2.TRAINYARDSOFTWARE.NET?
Feb 19 04:03:36 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS1.TRAINYARDSOFTWARE.NET?
Feb 19 04:03:36 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS2.TRAINYARDSOFTWARE.NET?
Feb 19 04:03:37 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS1.TRAINYARDSOFTWARE.NET?
Feb 19 04:03:37 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS2.TRAINYARDSOFTWARE.NET?
Feb 19 04:03:38 tyshost named[23656]: sysquery: findns error (NXDOMAIN) on NS1.TRAINYARDSOFTWARE.NET?

this is huge errors everyday

Thread starter	Similar threads	Forum	Replies	Date
T	cpHulk security warning on deactived sshd service.	Security	2	Jan 11, 2023
	In Progress CPANEL-40545 - No brute force protection detected while Imunify360 active	Security	5	Apr 28, 2022
	firewalld.service = Active: inactive	Security	13	Mar 29, 2021
T	active system attack	Security	1	Jul 19, 2002
M	ACTIVE system attack...how?	Security	1	Mar 18, 2002

Search

Search

Active Attack

ehsan

Well-Known Member

Juanra

Well-Known Member

ehsan

Well-Known Member

Koi

Registered

hedgehog

Well-Known Member

TRAIN YARD SOFTWARE

Well-Known Member

TRAIN YARD SOFTWARE

Well-Known Member