Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Continual knocking on port 443 from foreign IP address
Special Forums Cybersecurity Continual knocking on port 443 from foreign IP address Post 302893890 by randomxs on Friday 21st of March 2014 01:13:10 PM
Old 03-21-2014
Thanks to all for your answers. I really appreciate it.

@corona688...Indeed it is a proxy into our private nets. Excellent point...

@Perderabo - Excellent...this makes sense too. I had the DROP and REJECT functionality 'switched' in my original understanding. What you described makes perfect sense and explains to me what I was asking and what is going on.

Thanks
 

9 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Sunblade shows 2 MAC address on same port

Please, can someone tell me why my SunBlade would be showing 2 different but similar MAC addresses on the same port on the Switch? The switch shows all other Workstations with 1 MAC on each port, but the SunBlade is showing 2. Thanks in advance for any insight.... (1 Reply)
Discussion started by: GoneCrazy
1 Replies

2. Solaris

How To Change 5 port Ip Address Solaris?

Hello i'm newbie in solaris, anybody know how to change five port solaris 10? exmpe: bge0, bge1, bge2, etc. anybody can help me with the script implementasi... and logical how solaris work. thank so much:b: (2 Replies)
Discussion started by: yanto85
2 Replies

3. Cybersecurity

Port Address Changing....

Is there a software solution to stop intruders from changing my port addresses? Causes IPmap to crash. Platform is OS/X Leopard. (1 Reply)
Discussion started by: aleatory
1 Replies

4. IP Networking

Configure squid to listen on any IP address with port 80

Hi, I am trying to configure a transparent squid cache. When I try to use the below option in squid.conf, squid listens on port 80 only for the IP address configured on the system's interface. http_port 80 transparent But I want squid to accept connections for any IP address on port 80.... (3 Replies)
Discussion started by: Learner32
3 Replies

5. Cybersecurity

Listening to port when no IP address is assigned

Hi Pals Consider a case where the network interface is there and it is connected to a network. Only thing left here is I need to set a static ip/ip though dhcp (though ifconfig) I heard that it is possible to listen even if the ip address is not set. So is there any possibility of an attack over... (1 Reply)
Discussion started by: sreejithc
1 Replies

6. Solaris

Allow usage of port 80 and 443

I am trying to install Sun Java Web Server using an ordinary user with no root/sudo rights. I need to allow this web server to use ports 80 and 443. How can this be done?:confused: (1 Reply)
Discussion started by: emealogistics
1 Replies

7. UNIX for Advanced & Expert Users

What is the foreign address?

hi i want to open port 9100 and the connect server could not to connect to my application this my results of netstat tulpn Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 localhost:9100 ... (3 Replies)
Discussion started by: mohammad alshar
3 Replies

8. HP-UX

How to open 443 port in HP-UX?

Hello Experts, I want to open the port 443 on my HP-UX system. can you please help ? Thanks in advance. (1 Reply)
Discussion started by: purushottamaher
1 Replies

9. IP Networking

netstat local and foreign address relationship.

Hi All, Can you please help me in understanding the relationship between local and foreign address in the output of netstat -an. Output 1 ---------- 162.103.162.37.50224 162.103.162.35.9511 49640 0 49640 0 ESTABLISHED 162.103.162.37.50263 162.103.162.35.9512 49640 0... (1 Reply)
Discussion started by: Girish19
1 Replies

LEARN ABOUT DEBIAN

sslh-select

SSLH(8) 																   SSLH(8)

NAME

	sslh - ssl/ssh multiplexer

SYNOPSIS

       sslh [-F config file] [ -t num ] [-p listening address [-p listening address ...] [--ssl target address for SSL] [--ssh target address for
       SSH] [--openvpn target address for OpenVPN] [--http target address for HTTP] [-u username] [-P pidfile] [-v] [-i] [-V] [-f] [-n]

DESCRIPTION

       sslh accepts connections in HTTP, HTTPS, SSH, OpenVPN, tinc, XMPP, or any other protocol that can be tested using a regular expression, on
       the same port. This makes it possible to connect to any of these servers on port 443 (e.g. from inside a corporate firewall, which almost
       never block port 443) while still serving HTTPS on that port.

       The idea is to have sslh listen to the external 443 port, accept the incoming connections, work out what type of connection it is, and then
       fordward to the appropriate server.

   Protocol detection
       The protocol detection is made based on the first bytes sent by the client: SSH connections start by identifying each other's versions
       using clear text "SSH-2.0" strings (or equivalent version strings). This is defined in RFC4253, 4.2. Meanwhile, OpenVPN clients start with
       0x00 0x0D 0x38, tinc clients start with "0 ", and XMPP client start with a packet containing "jabber".

       Additionally, two kind of SSH clients exist: the client waits for the server to send its version string ("Shy" client, which is the case of
       OpenSSH and Putty), or the client sends its version first ("Bold" client, which is the case of Bitvise Tunnelier and ConnectBot).

       If the client stays quiet after the timeout period, sslh will connect to the first protocol defined (in the configuration file, or on the
       command line), so SSH should be defined first in sslh configuration to accommodate for shy SSH clients.

   Libwrap support
       One drawback of sslh is that the ssh and httpd servers do not see the original IP address of the client anymore, as the connection is
       forwarded through sslh.	sslh provides enough logging to circumvent that problem.  However it is common to limit access to ssh using
       libwrap or tcpd. For this reason, sslh can be compiled to check SSH accesses against SSH access lists as defined in /etc/hosts.allow and
       /etc/hosts.deny.

   Configuration file
       A configuration file can be supplied to sslh. Command line arguments override file settings. sslh uses libconfig to parse the configuration
       file, so the general file format is indicated in <http://www.hyperrealm.com/libconfig/libconfig_manual.html>.  Please refer to the example
       configuration file provided with sslh for the specific format (Options have the same names as on the command line, except for the list of
       listen ports and the list of protocols).

       The configuration file makes it possible to specify protocols using regular expressions: a list of regular expressions is given as the
       probe parameter, and if the first packet received from the client matches any of these expressions, sslh connects to that protocol.

       Alternatively, the probe parameter can be set to "builtin", to use the compiled probes which are much faster than regular expressions.

OPTIONS

       -t num, --timeout num
	   Timeout before forwarding the connection to the first configured protocol (which should usually be SSH). Default is 2s.

       -p listening address, --listen listening address
	   Interface and port on which to listen, e.g. foobar:443, where foobar is the name of an interface (typically the IP address on which the
	   Internet connection ends up).

	   This can be specified several times to bind sslh to several addresses.

       --ssl target address
	   Interface and port on which to forward SSL connection, typically localhost:443.

	   Note that you can set sslh to listen on ext_ip:443 and httpd to listen on localhost:443: this allows clients inside your network to
	   just connect directly to httpd.

       --ssh target address
	   Interface and port on which to forward SSH connections, typically localhost:22.

       --openvpn target address
	   Interface and port on which to forward OpenVPN connections, typically localhost:1194.

       --xmpp target address
	   Interface and port on which to forward XMPP connections, typically localhost:5222.

       --tinc target address
	   Interface and port on which to forward tinc connections, typically localhost:655.

	   This is experimental. If you use this feature, please report the results (even if it works!)

       -v, --verbose
	   Increase verboseness.

       -n, --numeric
	   Do not attempt to resolve hostnames: logs will contain IP addresses. This is mostly useful if the system's DNS is slow and running the
	   sslh-select variant, as DNS requests will hang all connections.

       -V  Prints sslh version.

       -u username, --user username
	   Requires to run under the specified username.

       -P pidfile, --pidfile pidfile
	   Specifies a file in which to write the PID of the main server.

       -i, --inetd
	   Runs as an inetd server. Options -P (PID file), -p (listen address), -u (user) are ignored.

       -f, --foreground
	   Runs in foreground. The server will not fork and will remain connected to the terminal. Messages normally sent to syslog will also be
	   sent to stderr.

       --background
	   Runs in background. This overrides foreground if set in the configuration file (or on the command line, but there is no point setting
	   both on the command line unless you have a personality disorder).

FILES

       /etc/init.d/sslh
	   Start-up script. The standard actions start, stop and restart are supported.

       /etc/default/sslh
	   Server configuration. These are environment variables loaded by the start-up script and passed to sslh as command-line arguments. Refer
	   to the OPTIONS section for a detailed explanation of the variables used by sslh.

SEE ALSO

       Last version available from <http://www.rutschle.net/tech/sslh>, and can be tracked from <http://freecode.com/projects/sslh>.

AUTHOR

       Written by Yves Rutschle

v1.13b								    2012-08-26								   SSLH(8)
All times are GMT -4. The time now is 04:13 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy