Results 1 to 3 of 3
  1. #1
    Join Date
    Apr 2004

    security issue-what could this be?

    just curious as to why this would be.

    I keep getting repeated attempts of people trying to connect to my server to port 119(nntp) and 137(netbios)

    this is how it goes:
    a single ip tries to connect to those 2 ports over and over and over. immediatly, my server picks it up as a threat and blocks them. this goes on for about 30 mins then stops. now a new ip starts doing the exact same thing. for 30 mins or so then a new one etc etc.

    i dont nave nntp or netbios service running ever as im running a linux server rather windows

    i just found it odd that there would be computers trying to connect to those 2 ports and only from 1 ip at a time. never 2 ips in the same time period trying to connect.

    what could it be? maybe some dumb kid thinking hes cool thinks hes taking out a server trying to use windows exploits on a linux server? i dunno. was just curious to see if someone else knew something i didnt. thanks

  2. #2
    Join Date
    Feb 2002
    Vestal, NY
    Sounds somewhat unusual, but I wouldn't worry about it. Maybe you are seeing the results of some strange worm or virus that has been scanning your server. I would just ignore it.

  3. #3
    Join Date
    Mar 2004
    Chicago, IL
    Block it and forget it. Sounds like a virus or random scans.

    I see wierd things on occasion. I have several addresses in Austria blocked because they keep attempting to send domain updates to my nameserver for one of the domains I host. My nameserver properly denies the updates, but I got sick of seeing them in my logs.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts