Special Forums Cybersecurity Continual knocking on port 443 from foreign IP address Post 302893863 by Perderabo on Friday 21st of March 2014 11:26:36 AM
Old 03-21-2014
Quote:
Originally Posted by randomxs

Why would someone continually try to access the https port for months on end 100s of times an hour when clearly they must see they are being denied access to the server?


Iptables is not perfect and even when you use DROP rather than REJECT a port scanner can tell that DROP is in use by doing a SYN scan. If a server is on the port the SYN will get an ACK, otherwise it gets a RST. So the bad guy knows that he is getting nailed by a DROP rule and there is a live server being protected by the DROP rule. So he sets up an infinite loop trying to connect.

He hopes you will someday have a problem, wonder if iptables is causing it, and try dropping iptables just for a few seconds. Or maybe you will change your configuration and do a quick "service iptables restart". Most iptables configs allow ESTABLISHED connections to persist so once he connects... he is in.
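A way to measure the knocking described in this thread, added here as an example and not part of either poster's message: it tallies bare SYNs per source and hour from iptables LOG lines and reports sources that stay above a threshold across several hours. It assumes a LOG rule sits in front of the DROP rule; the `HTTPS-DROP` prefix, the host name `web1`, the addresses and the thresholds are all constructed for the example.

```python
import re
from collections import defaultdict

# Layout written to syslog by the iptables LOG target (fields abbreviated).
LINE_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+)\s+(?P<hour>\d{2}):\d{2}:\d{2}\s.*?"
    r"SRC=(?P<src>\S+)\s.*?PROTO=TCP\s.*?DPT=(?P<dpt>\d+)\s(?P<rest>.*)$"
)

def persistent_sources(lines, port=443, per_hour=100, min_hours=2):
    """Map each source to the hours in which it sent >= per_hour SYNs to
    `port`, keeping only sources with at least min_hours such hours."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.match(line)
        if not m or int(m["dpt"]) != port:
            continue
        flags = m["rest"].split()
        # Count connection attempts only: SYN set, ACK clear.
        if "SYN" not in flags or "ACK" in flags:
            continue
        bucket = f'{m["mon"]} {int(m["day"]):02d} {m["hour"]}:00'
        counts[m["src"]][bucket] += 1
    result = {}
    for src, hours in counts.items():
        # Dict order follows first appearance in the log.
        busy = [b for b, n in hours.items() if n >= per_hour]
        if len(busy) >= min_hours:
            result[src] = busy
    return result

def _line(hour, i, src, dpt, flags="SYN"):
    # Constructed sample line, not taken from a real host.
    return (f"Mar 21 {hour:02d}:{i % 60:02d}:{i // 60:02d} web1 kernel: HTTPS-DROP "
            f"IN=eth0 OUT= SRC={src} DST=192.0.2.10 LEN=60 TTL=49 ID={i} DF "
            f"PROTO=TCP SPT={40000 + i} DPT={dpt} WINDOW=14600 RES=0x00 {flags} URGP=0")

def sample_log():
    log = []
    for hour, n in ((10, 120), (11, 150)):
        log += [_line(hour, i, "203.0.113.7", 443) for i in range(n)]
        log += [_line(hour, i, "203.0.113.50", 22) for i in range(300)]
    log += [_line(10, i, "198.51.100.9", 443) for i in range(5)]
    log.append(_line(11, 0, "203.0.113.7", 443, flags="ACK SYN"))
    return log

if __name__ == "__main__":
    print(persistent_sources(sample_log()))
```

Running the same tally over the minutes around a planned firewall restart shows which sources were still knocking while the rules were being reloaded.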