Complete.Org: Mailing Lists: Archives: linux-help: August 2004:
[linux-help] Re: Port 18593 attacks

To: linux-help@xxxxxxxxx
Subject: [linux-help] Re: Port 18593 attacks
From: ironrose <ironrose@xxxxxxx>
Date: Mon, 02 Aug 2004 07:12:10 -0500
Reply-to: linux-help@xxxxxxxxx

Powering the cable modem off for 2-5 minutes and rebooting may not give
you a new IP address with the Cox DHCP server.  Even the tech support staff
are unable to release & renew your IP address from the Cox DHCP server.
It may have to be released and renewed by a supervisor at Cox.  I will
check on that.  ~Anne

Jonathan Hall wrote:
> Sounds like a bunch of port scans.  I'm not sure what method there might be
> to the apparent madness, though.
> 
> Do you have a static IP address?  If not, do you continue to experience the
> attacks after your IP changes?  It looks like you use Cox... I would suggest
> powering off your cable modem for 2-5 minutes, then powering it back on.
> That should force a new IP address.  Then see if the apparent attacks
> continue.
> 
> It may be that someone (or many someones) found your IP address somewhere
> (e-mail header, usenet posting, IRC logs... whatever), and whatever
> mechanism is attacking you (whether it be an individual or, probably more
> likely, some automated attack brought on by a trojan horse/virus on some
> unsuspecting person/people's computers) is continuing to attack that
> address.
> 
> I had an instance several years ago where one of my IP addresses was being
> attacked after I had connected to a certain IRC network from that IP
> address.  A number of IPs then began attacking that IP address for days.  By
> changing IP addresses, the attacks then fail, and so long as the target IP
> address is not again visible to the would-be attackers, the attacks cannot
> begin again.
> 
> -- Jonathan
> 
> 
> ----- Original Message -----
> From: "bbales" <bbales@xxxxxxx>
> To: <linux-help@xxxxxxxxx>
> Sent: Sunday, August 01, 2004 8:35 PM
> Subject: [linux-help] Re: Port 18593 attacks
> 
>>No - In one bunch of 916 hits there were 110 different addresses.  38 were to
>>UDP, the rest to TCP.  Usually hits an address/port combination two to four
>>times and then switches.  Sometimes switches address and port in less than a
>>second (two hits with the same time-stamp.)  Most source ports are four
>>digit, the rest are five digit.
>>
>>A sort on source addresses shows several addresses used quite a few times.
>>24.161.87.199 used 64 times with 16 different ports, each port used exactly
>>four times.
>>24.167.68.48 used 30 times, five different ports, each used exactly six times.
>>68.113.250.214  24 times, 8 different ports, each used exactly three times.
>>68.47.163.14  26 times, nine different ports, all but one used three times and
>>one used twice.
>>144.137.113.30 used 81 times with about 78 different ports.
>>217.226.110.2 used 106 times with ports used mostly three or four times.
>>
>>I'm sure that's more information than anyone wants.
>>bruce
>>
>>On Sunday 01 August 2004 01:12, you wrote:
>>
>>>I am not aware of any server/software that uses TCP port 18593.  Do the
>>>attacks appear to be originating from any particular sources?
>>>
>>>----- Original Message -----
>>>From: "bbales" <bbales@xxxxxxx>
>>>To: <linux-help@xxxxxxxxx>
>>>Sent: Saturday, July 31, 2004 9:52 PM
>>>Subject: [linux-help] Port 18593 attacks
>>>
>>>>During the past week my Frazier Firewall has been turning away thousands of
>>>>attempts at port 18593.  Sometimes as many as 245 in one hour.  In the past
>>>>when I had a large number of hits on one port, I could find something about
>>>>it from Symantec or some forum on the web.  This time no-one is reporting
>>>>anything about port 18593.
>>>>
>>>>It seems to be overwhelming the firewall logging facilities as the daily
>>>>email only reports the last six or eight hours.
>>>>
>>>>Anyone have any clues about this?
>>>>bruce
>>>>
>>>>-- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
>>>>visit http://www.complete.org/cgi-bin/listargate-aclug.cgi
-- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
visit http://www.complete.org/cgi-bin/listargate-aclug.cgi
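
An added example, not part of the original thread: the per-source tally described in the quoted message (hits per source address, distinct source ports, and how many times each port was used), computed over constructed log lines. The netfilter-style log format, the `summarize` name and the sample addresses (documentation ranges) are assumptions, since the thread does not show the firewall's actual log format.

```python
import re
from collections import Counter, defaultdict

FIELD = re.compile(r"\b(SRC|PROTO|SPT|DPT)=(\S+)")

def summarize(log_text, dport="18593"):
    """Tally blocked packets aimed at `dport`, grouped by source address."""
    by_proto = Counter()
    per_src = defaultdict(Counter)            # src -> {source port: hits}
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if len(f) < 4 or f["DPT"] != dport:   # not a packet line, or another port
            continue
        by_proto[f["PROTO"]] += 1
        per_src[f["SRC"]][f["SPT"]] += 1
    sources = {
        src: {
            "hits": sum(ports.values()),
            "ports": len(ports),
            # e.g. {4: 16} means 16 source ports were each seen exactly 4 times
            "times_per_port": dict(Counter(ports.values())),
        }
        for src, ports in per_src.items()
    }
    return {"by_proto": dict(by_proto), "sources": sources}

# Constructed sample input in netfilter LOG style (assumed format; addresses are
# from the documentation ranges, not from the thread).
def _line(src, proto, spt, dpt=18593):
    return (f"Aug  1 20:35:00 fw kernel: DROP IN=eth0 OUT= SRC={src} "
            f"DST=203.0.113.5 PROTO={proto} SPT={spt} DPT={dpt}")

SAMPLE = "\n".join(
    [_line("192.0.2.10", "TCP", p) for p in (4101, 4102) for _ in range(4)]
    + [_line("198.51.100.7", "UDP", p) for p in (31001, 31002, 31003)]
    + [_line("192.0.2.10", "TCP", 4103, dpt=22),          # other port: ignored
       "Aug  1 20:35:01 fw kernel: eth0: link up"]        # not a packet line
)

if __name__ == "__main__":
    result = summarize(SAMPLE)
    print("by protocol:", result["by_proto"])
    ranked = sorted(result["sources"].items(), key=lambda kv: -kv[1]["hits"])
    for src, s in ranked:
        print(f"{src:15} {s['hits']:4} hits, {s['ports']} source ports, "
              f"times per port: {s['times_per_port']}")
```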

