speaking about Linux firewalls

Craig White craigwhite at azapple.com
Thu Sep 22 20:34:07 MST 2005


A network where I have one.

Just set up a new Win2K3 server (don't lecture, I have as much religion
as the next guy). It's been up for 3 weeks or so and before we went
live, it punked out (seems to be a memory problem - ahem - Dell)...

Anyway, I happened to run netstat on the sucker and what do I see but a
connection that makes no sense at all since it is not exposed to the
internet in any fashion.

TCP MY_HOSTNAME:3289 213.254.229.147:http  ESTABLISHED

I can ping that IP address and it's really bothering me. I am going to
block it at the firewall but I can't get a handle on it.

fingerprinting...

# nmap -O 213.254.229.147

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2005-09-22 19:53 MST
Interesting ports on 213.254.229.147:
(The 1655 ports scanned but not shown below are in state: closed)
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https
500/tcp open  isakmp
Device type: general purpose
Running: Linux 2.4.X
OS details: Linux 2.4.20 (Itanium)
Uptime 24.386 days (since Mon Aug 29 10:37:26 2005)

Nmap run completed -- 1 IP address (1 host up) scanned in 16.391 seconds

Anybody have any ideas what is going on?

Obviously I put new rules into Linux firewall and rebooted both systems
but blocking that one IP address isn't likely to stop whatever it was
that was connected - it may be something like Computer Associates
BrightStor/ArcServe doing a phone home thing but it really bothered me.

Craig





More information about the PLUG-discuss mailing list