Port 21

From: WebSec WebSec (secure21st@hotmail.com)
Date: 05/31/01 

From: "WebSec WebSec" <secure21st@hotmail.com>
To: security@FreeBSD.ORG
Date: Thu, 31 May 2001 12:15:20 -0000

This past weekend my IDS and  honey pot picked-up stealth scans on port 21 to port 21.

I used a number of tools to "trace" IPs of scanners and they all pointed towards an asian organization.  (Understanding limitations of TCP, I do not think anyone will state that this means anything :( )

One of the honeypots was on a DSL assigned sub-net. IT makes me think that whoever scanned me was after residential computers.  (this  is no different from others except for IDS installed :) )

In my case all scans were "stealth".

Also, in my opinion it may not be a good idea to provide real IPs (at least in this list) because you never know how you can tip someone.  Yes, this is "security" by obscurity, but....

Hope this helps.

 

 

---------------------------------------------------------------------------------------------------------------------------------------------

My opinion is that unknown scanner was hoping to meet one of those admins who still use remote port of TCP/UDP packet as filter in

their firewall rules (like this: "ipfw allow tcp from any 21").

NKritsky - SysAdmin InternetHelp.Ru

http://www.internethelp.ru

e-mail: nkritsky@internethelp.ru

 

 

-----Original Message-----

From: Lim Seng Chor <Lim.Seng.Chor@sit.edu.my>

To: freebsd-security@FreeBSD.ORG <freebsd-security@FreeBSD.ORG>

Date: 31 мая 2001 г. 13:01

Subject: port 21

 

my kernel message showing:

Connection attempt to TCP 202.184.64.29:21 from

213.137.2.195:21

anyone can explain why 213.137.2.195 can use port 21 to connect

to my ftp port but not random port above 1024?

To Unsubscribe: send mail to majordomo@FreeBSD.org

with "unsubscribe freebsd-security" in the body of the message

 

 

To Unsubscribe: send mail to majordomo@FreeBSD.org

with "unsubscribe freebsd-security" in the body of the message


Get your FREE download of MSN Explorer at http://explorer.msn.com

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

Relevant Pages

  • Re: ipf / pf availability in 4.9
    ... and my question was how to get a port to 4.9. ... >> of the ipf rules can not process a script. ... >> What's the relationship between the freebsd ipf and the openbsd ... >> To unsubscribe, send any mail to ...
    (freebsd-questions)
  • Re: newest kdelibs fails to build
    ... I have a second box and I cvsupped it and it fails to build kdelibs too. ... Only THIS time, I simply went to the port directory, ... still running KDE 3.2.3 and the first box is blown out of the water. ... >> To unsubscribe, send any mail to ...
    (freebsd-questions)
  • Re: Installation advice needed for a really stable desktop machine
    ... the OP stated that he was 'considering' the i386 port. ... can now make an informed decision, ... Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
    (Debian-User)
  • Re: still image grabber
    ... is there a port on freebsd that generate still images from movie ... like "image grabber" on windows?? ... I began writing a shell script for this a couple of weeks ago. ... To unsubscribe, ...
    (freebsd-questions)
  • AW: Questions in regards to Domain and port 80 being blocked
    ... Betreff: RE: Questions in regards to Domain and port 80 being blocked ... with smtp email server port 25 forwarding which in the ... Dyndns.org does have a pay for email service which is a standard ISP ... To unsubscribe, send any mail to ...
    (freebsd-questions)