Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
If someone can shed some light on this I would be grateful ...
Basically my internet setup is as follows
Modem >>> IP Cop firewall >>> 2 x Windows computers
just last night both computers (but my wife's more than mine) started trying to access port 800 on the IP Cop firewall
here is a sample >>
18:38:56 NEW not SYN? eth0 TCP 192.168.0.101 1154 192.168.0.1 800(MDBS_DAEMON)
something, in this case using port 1154 trying to access port 800
but also using ports
1139, 1150, 1153, 1155, 1156, 1157, 1929
to access port 800
is this normal or is something unpleasant happening
I have run ( updated ) virus scanner and do so regularly
floppy
edit
I should also add that both computers have firewalls installed in Windows and there doesn't seem to be anything in there that shouldn't be there ???
Last edited by floppywhopper; 07-23-2005 at 06:30 PM.
Well, port #800 isn't listed in my /etc/services file, but a quick Google search indicates that this port is used by Microsoft's proxy-server, and the equivalent Unix proxy-server, Squid.
While I did not mention port 800, it is involved. Google turned up hits re: apache on this port, but it's still active and no apache is running on my machine. Did you ever find out anything regarding the hits on this port from inside?
Yeah I knew whatever it was was trying to access the proxy port
but my firewall ( IP Cop ) is running a transparent proxy
and all my usual apps access the web OK
through the onboard firewall on my Win 98 comp.
Probing further back in the logs
it seems to happen only on Saturdays
so naturally I suspected something trying to update itself
but haven't been able to narrow it down
I must put a bit more effort into it
At first I thought something very unpleasant might be happening
but now I don't think so
so as I said
I must get onto it
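The check discussed in this thread (which internal host is hitting port 800, and whether it really only happens on Saturdays), as an added example that is not part of any post: it parses firewall-log lines in the layout quoted in the first post and tallies hits per source host. It assumes each day's log has been saved alongside its date; the dates, the host 192.168.0.102 and the non-800 line are constructed sample data.

```python
import re
from collections import defaultdict
from datetime import date

DAYS = ("Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday")
# Layout of one line as quoted in the post: time, log prefix, interface,
# protocol, source IP and port, destination IP and port(service).
LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d)\s+(?P<prefix>.+?)\s+(?P<iface>\S+)\s+"
    r"(?P<proto>TCP|UDP)\s+(?P<src>\S+)\s+(?P<sport>\d+)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\d+)(?:\((?P<svc>[^)]*)\))?\s*$"
)

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE.match(" ".join(line.split()))  # also rejoins a line wrapped in two
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def summarise(logs_by_day, dport=800):
    """Per source host: hit count, source ports and weekdays for one destination port."""
    out = defaultdict(lambda: {"hits": 0, "sports": set(), "weekdays": set()})
    for day, lines in logs_by_day.items():
        for rec in filter(None, map(parse_line, lines)):
            if rec["dport"] == dport:
                s = out[rec["src"]]
                s["hits"] += 1
                s["sports"].add(rec["sport"])
                s["weekdays"].add(DAYS[day.weekday()])
    return dict(out)

# Constructed sample: only the 18:38:56 line comes from the post; the dates,
# the other lines and host 192.168.0.102 are made up for illustration.
SAMPLE = {
    date(2005, 7, 16): ["18:02:11 NEW not SYN? eth0 TCP 192.168.0.101 1139 192.168.0.1 800(MDBS_DAEMON)"],
    date(2005, 7, 20): ["09:15:40 INPUT eth0 TCP 192.168.0.102 1201 192.168.0.1 445"],
    date(2005, 7, 23): [
        "18:38:56 NEW not SYN? eth0 TCP 192.168.0.101 1154 192.168.0.1 800(MDBS_DAEMON)",
        "18:39:02 NEW not SYN? eth0 TCP 192.168.0.102 1929 192.168.0.1 800(MDBS_DAEMON)",
    ],
}

if __name__ == "__main__":
    for src, s in sorted(summarise(SAMPLE).items()):
        print(src, s["hits"], sorted(s["sports"]), sorted(s["weekdays"]))
```

A host whose hits fall on a single weekday points toward a scheduled task on that machine, which narrows the search to whatever runs there on that day.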