daveiw Posted September 24, 2002 Share Posted September 24, 2002 Recently my firewall is showing many attempted attacks by 216.15.156.162 including port scans, any ideas why? Dave :confused: 0 Quote Link to comment Share on other sites More sharing options...
Redwolf Posted September 24, 2002 Share Posted September 24, 2002 Well - which ports exactly? 0 Quote Link to comment Share on other sites More sharing options...
daveiw Posted September 24, 2002 Author Share Posted September 24, 2002 2837-2847 and counting... 0 Quote Link to comment Share on other sites More sharing options...
Madmatt Posted September 24, 2002 Share Posted September 24, 2002 Yesterday we sent out a mass mailing (CMBB release announcement) from that server, I wonder if thats what it was? Hmm... Is it still occuring? Madmatt 0 Quote Link to comment Share on other sites More sharing options...
daveiw Posted September 24, 2002 Author Share Posted September 24, 2002 Hello guys, It seems that the problem may be on my side. I am no techie but apparently it could be something to do with disconnecting from certain sites one of which is this, whereby the firewall prevents a 'reset' or 'ack' switch/signal to be sent... :confused: Anyway, I'll keep an eye on it, but thanks for your replies. Dave 0 Quote Link to comment Share on other sites More sharing options...
Redwolf Posted September 24, 2002 Share Posted September 24, 2002 Does your firewall tell whether these go to TCP or UDP ports or are ICMP messages? 0 Quote Link to comment Share on other sites More sharing options...
daveiw Posted September 24, 2002 Author Share Posted September 24, 2002 Originally posted by redwolf: Does your firewall tell whether these go to TCP or UDP ports or are ICMP messages?Yes, they are all tcp. 0 Quote Link to comment Share on other sites More sharing options...
Redwolf Posted September 24, 2002 Share Posted September 24, 2002 TCP port 2837 is used by some obscure Windows remote administration product. 0 Quote Link to comment Share on other sites More sharing options...
86smopuim Posted September 25, 2002 Share Posted September 25, 2002 Just a crazy Idea. there is currently a worm that infects old version of apache Open_SLL module. It sets up a peer to peer network with otehr infected machines. I dunno, something to look into. email if u want more info. 0 Quote Link to comment Share on other sites More sharing options...
Zarquon Posted September 25, 2002 Share Posted September 25, 2002 ...and when I get an Error 500 from your webserver, it says 'Apache 1.3.3'. This version is generally considered much too old to be safe. 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.