Re: Port 3060? What in the hell is going on?

• Previous message: Charles Newman: "Re: Port 3060? What in the hell is going on?"
• In reply to: Charles Newman: "Re: Port 3060? What in the hell is going on?"
• Next in thread: Arthur Hagen: "Re: Port 3060? What in the hell is going on?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 02 Dec 2004 11:28:11 GMT

Charles Newman wrote:

>
> "Arthur Hagen" <art@broomstick.com> wrote in message
> news:coimf2$5ol$1@cauldron.broomstick.com...
>> Charles Newman
>> <charlesnewman1@comcast.net.spammers.will.be.shot.on.sight> wrote:
>> > Why am I being attacked on port 3060? I am
>> > suddenly getting hammered with all kinds of
>> > connect attempts on port 3060? What is on
>> > port 3060 they are looking for? Tiny Firewall
>> > alerted me to connect attempts on that
>> > port and I was able to block it. Score another
>> > one for Tiny Firewall. Those of you with
>> > hardware appliances are probably being
>> > probed on port 3060 right now, and you
>> > would not know it, if it were not for this
>> > post. Better keep an eye on inbound
>> > port 3060. Somebody is trying to do
>> > who-knows-what on that port.
>>
>> Nope, nothing there. 1032 TCP port probes since yesterday, and not a
> single
>> one to that port. Could it be that you have someone on the *inside*
> running
>> a service that expects return traffic to port 3060, which is blocked?
>> Prime candidates for something like this happening include file sharing
>> programs.
>
> I dont allow file sharing anymore, since the RIAA
> decided to go after file sharers. I know that 3060 is
> in the range of ports (80, 1000-5300), that Kazaa
> uses, but since I do not use or allow Kazaa anywhere
> on my network, there is no reason that someone
> should be connecting on that port.
> If you want to block Kazaa on your network,
> Tiny Personal Firewall on an ICS box is the ONLY
> way you can do it. Everything on my network has
> to go through either Socks or HTTP proxies. On the
> Socks proxy, I block outgoing calls to port 80,
> and ports 1000-5300, and that effectively shuts
> down Kazaa. Tiny can control access by specific
> application. Try THAT on your hardware
> appliances.

What are you talking about here? I would simply find out the IP(s) for the
Kazaa site and set rules with my Watchguard FW appliance and block all
inbound and outbound traffic with the Kazaa site and be done with it. Kazaa
can run all it wants on any machine it wants and it would nerver be able to
make contact with the site. Kazza wouldn't be on any of the machines on my
network period in the first place. And a network FW's job is not to be
running some kind of BS Appliaction Control trying to stop anything at the
machine level.

> I can tell Tiny to block any outgoing
> calls, for example, on port 80 as part of blocking
> Kazaa, while telling it to allow port 80 calls on the
> HTTP proxy. You can say all you like, but Tiny
> can do a lot of things a hardware appliance just
> cannot do. Your hardware appliances, since they
> are not part of the sever machine, cannot block
> by specific application. A FW solution installed on
> the server machine can do this. So, in short, Tiny
> Firewall is NOT A TOY, contarry to what one
> poster has said here.

Tiny is a PFW solution and not a network FW solution. I wouldn't be using
Tiny or anyother PFW solution trying to proctect something like IIS, SQL
Server etc, etc running on machines on my network. There would be a FW
appliance setting there, a NAT router or deticated computer for running a
network FW solution and not some personal FW such as Tiny.

As for the rest of your post, you at least had the common sense to start
using a NT class machine.

Duane :)

• Previous message: Charles Newman: "Re: Port 3060? What in the hell is going on?"
• In reply to: Charles Newman: "Re: Port 3060? What in the hell is going on?"
• Next in thread: Arthur Hagen: "Re: Port 3060? What in the hell is going on?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]