Port 1080 is for proxy services. The attacker probally didn't do any tcp
sequencing to find out what OS you were running. Most of the exploits on
1080 are directed to M$ NT proxy servers. I also rely on portsentry and
hostsentry and swear by it. Darn good software. Although I run
portsentry, I also put filters in my router because I like the packet
logging that Cisco's do. If you have such a setup, I would recommend
doing the same.
On 6 Mar 2001, Dominic Mitchell wrote:
>
>
> Hi,
>
> Portsentry has detected many attempts to port 1080. It seems to
> have been block succesfully. I have a firewall installed. I have
> tried to close as many services as possible. For sure some
> services are running which should not due to a lack of knowledge
> on my part.
>
> What is port 1080 for? What is the next sensible thing to do?
>
>
> First attack:
>
> Mar 6 15:49:30 rlevesque portsentry[734]: attackalert: Connect from host:
>saglac122.destination.ca/209.47.101.124 to TCP port: 1080
> Mar 6 15:49:30 rlevesque portsentry[734]: attackalert: Host 209.47.101.124 has been
>blocked via wrappers with string: "ALL: 209.47.101.124"
> Mar 6 15:50:23 rlevesque portsentry[734]: attackalert: Connect from host:
>saglac122.destination.ca/209.47.101.124 to TCP port: 1080
> Mar 6 15:50:23 rlevesque portsentry[734]: attackalert: Host: 209.47.101.124 is
>already blocked. Ignoring
> Mar 6 15:50:30 rlevesque portsentry[734]: attackalert: Connect from host:
>saglac122.destination.ca/209.47.101.124 to TCP port: 1080
> Mar 6 15:50:30 rlevesque portsentry[734]: attackalert: Host: 209.47.101.124 is
>already blocked. Ignoring
>
> Second attack:
>
> Mar 6 16:15:46 rlevesque portsentry[734]: attackalert: Connect from host:
>02-071.051.popsite.net/64.24.21.71 to TCP port: 1080
> Mar 6 16:15:46 rlevesque portsentry[734]: attackalert: Host 64.24.21.71 has been
>blocked via wrappers with string: "ALL: 64.24.21.71"
> Mar 6 16:15:46 rlevesque portsentry[734]: attackalert: Connect from host:
>02-071.051.popsite.net/64.24.21.71 to TCP port: 1080
> Mar 6 16:15:46 rlevesque portsentry[734]: attackalert: Host: 64.24.21.71 is already
>blocked. Ignoring
> Mar 6 16:34:44 rlevesque portsentry[734]: attackalert: Connect from host:
>02-071.051.popsite.net/64.24.21.71 to TCP port: 1080
> Mar 6 16:34:44 rlevesque portsentry[734]: attackalert: Host: 64.24.21.71 is already
>blocked. Ignoring
>
> Third attack:
>
> Mar 6 17:36:14 rlevesque portsentry[734]: attackalert: Connect from host:
>08-112.051.popsite.net/64.24.23.112 to TCP port: 1080
> Mar 6 17:36:14 rlevesque portsentry[734]: attackalert: Host
> 64.24.23.112 has been blocked via wrappers with string: "ALL:64.24.23.112"
>
> Fourth attack:
>
>
> Mar 6 18:03:50 rlevesque portsentry[734]: attackalert: Connect from host:
>sarc3b180.snip.net/209.204.89.180 to TCP port: 1080
> Mar 6 18:03:50 rlevesque portsentry[734]: attackalert: Host 209.204.89.180 has been
>blocked via wrappers with string: "ALL: 209.204.89.180"
>
>
>
>
>
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
