Q about port attacks from the internet... [Archive] - Glock Talk

PDA

View Full Version : Q about port attacks from the internet...


aircarver
12-29-2005, 06:49
So DSL finally came to my area & I ditched the modems for a home network behind a router firewall.

Reading the router logs, it's been under continuous attack from the internet since it was turned on. Appears to be a robotic pinging of ports in serial fashion, from a wide variety of IPs.

My question is: it appears to be a small number of port numbers (33473 to 33509 serially, 1026 & 1027 a lot... 22, 137, 443 ) What's special about THESE ports that they keep recurring in the attack ?

For educational purposes... I don't think I have a problem, since the router firewall is bouncing all of these. Any suggestions on things I should tighten up on in the firewall settings ?

Thanks,

Toyman
12-30-2005, 06:35
Not a lot special about the ports really, but some are used for specific things, like 137 is used by Windows for the NetBIOS Name Service (Windows Networking). For example, if you didn't have a firewall and had File Sharing on, I could possibly simply query your computer and access your files, all of that would start off on port 137.

443 is SSL Encrypted HTTP, etc.

It's most likely that the ports being scanned are associated with various known security holes, which if left unpatched would possibly give a hacker a way in.

Dandapani
12-30-2005, 07:52
Here's a list of ports: http://www.sockets.com/services.htm

aircarver
12-30-2005, 13:43
Thanks guys !!

It was informative.

[Contemplates how to send a 440 volt e-mail to the port probers......]

;f