Re: Help me to diagnose !!!
From: Lutz Donnerhacke (lutz@iks-jena.de)
Date: 02/15/02
From: lutz@iks-jena.de (Lutz Donnerhacke) Date: Fri, 15 Feb 2002 09:07:09 +0000 (UTC)
* Steven wrote:
>Following is the log from my Sygate Personal Firewall:
>
>Time: 02/14/2002 20:14:35
>ACtion: Blocked TCP
>Direction: Outgoing
>Remote Host: Mailserver( I omit the ip here )
>Remote Port: 445
>Local Host: My IP ( I omit the ip here )
>Local Port: 2296
>
>Rule name: GUI%GUICONFIG#SRULE@NBENABLEYOU#BLOCKALL
>
>
>"The rule name" is not easy to understand, but from the words there,
>it seems like it is about netbios.
No, it's the fallback default "block all" rule.
>So what function does port 445 of my mailserver have? After a quick search,
>445 is used for Microsoft-DS, is that correct?
No. 445 is used by encrypted mail exchange protocols (POP3/... via SSL).
>I live in a university dormitory. For several weeks, my internet connection
>has not been stable, although my neighbours have no problem. We have been
>assigned static IPs. Sometimes I cannot ping the gateway or the DNS server.
The reason might be your personal firewall. Uninstall it.
>Through arp -a, I found the IP of one of my neighbours in the cache.
>Because that guy has little knowledge of computers, it is impossible that
>my PC has been pinged by him manually. Now comes the question: is it
>possible that his PC has been compromised, to launch a DoS attack by someone
>else? I know there are many newcomers trying to practice such things now.
It's possible, but more likely is a simple "network neighborhood search".
>Or, the second reason I guess: someone used my IP, while there is a limit
>of volume imposed on the user.
Even that is possible, if your network admins do not secure the network
internally.
>How can I find out the truth?
Using a network sniffer:
http://www.blood-thirsty-barbarians.de/Firewall.html#Zuschauen
"How can i find out what's happening on my interfaces/network?"