[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: weired logs




Jan schrieb:
> 
> Hans-J. Ullrich schrieb:
>> Hi all,
> Hi,
>> just a question. I found this entry in my logs:
>>
>> Nov  7 21:02:21 protheus2 check[7476]: [ 3] Unable to connect to 
>> c105.cloudmark.com:2703; Reason: Connection refused.
>> Nov  7 21:02:21 protheus2 check[7476]: [ 3] Unable to connect to 
>> c105.cloudmark.com:2703; Reason: Connection refused.
>> Nov  7 21:02:25 protheus2 check[7476]: [ 3] Unable to connect to 
>> c105.cloudmark.com:2703; Reason: Connection refused.
>> Nov  7 21:02:25 protheus2 check[7476]: [ 3] Unable to connect to 
>> c105.cloudmark.com:2703; Reason: Connection refused.
>>
>> It looks like my host tried to connect to c105.cloudmark.com port:2703.
>>
>> I never tried to do this, so this might be caused by an application (which 
>> might be a security hole), someone attacked me, or this was caused by my 
>> running tor. What is port 2703 ? 
> 
> The port 2703 not regular
> 
> prometheus ~ # grep 2703 /etc/services
> -- no results
> 
> 
> After i spend some time on google for you i found this interesting article:
> 
> http://www.auditmypc.com/port/udp-port-2703.asp
> 
> 
> it seems to be an application for sms transfering or sth. stupid like
> that. Try to locate the port by using netstat and isolate the socket and
> the matching PID of the process. The rest should be a piece of cake :)

Addition:

I took a look on cloudmark.com after my first response. It seems to be a
security company providing anti spam services (including sms spam
protection). Where is your machine located? Did you rent it? If yes that
could explain why the machine tried to connect to a service on this
site. Maybe your provider is using security features provided by cloudmark?!

:)


Jan



Reply to: