
Re: weird logs



On Thursday 08 November 2007, Jan wrote:
> Hans-J. Ullrich wrote:
> > Hi all,
>
> Hi,
>
> > just a question. I found this entry in my logs:
> >
> > Nov  7 21:02:21 protheus2 check[7476]: [ 3] Unable to connect to
> > c105.cloudmark.com:2703; Reason: Connection refused.
> > Nov  7 21:02:21 protheus2 check[7476]: [ 3] Unable to connect to
> > c105.cloudmark.com:2703; Reason: Connection refused.
> > Nov  7 21:02:25 protheus2 check[7476]: [ 3] Unable to connect to
> > c105.cloudmark.com:2703; Reason: Connection refused.
> > Nov  7 21:02:25 protheus2 check[7476]: [ 3] Unable to connect to
> > c105.cloudmark.com:2703; Reason: Connection refused.
> >
> > It looks like my host tried to connect to c105.cloudmark.com port:2703.
> >
> > I never tried to do this, so this might be caused by an application
> > (which might be a security hole), someone attacked me, or this was caused
> > by my running tor. What is port 2703?
>
> The port 2703 is not regular
>
> prometheus ~ # grep 2703 /etc/services
> -- no results
>
>
> After I spent some time on Google for you, I found this interesting article:
>
> http://www.auditmypc.com/port/udp-port-2703.asp
>
>
> It seems to be an application for SMS transferring or something stupid like
> that. Try to locate the port by using netstat and isolate the socket and
> the matching PID of the process. The rest should be a piece of cake :)
>

Hi Jan,
there is no port 2703 being used. IMO my host is trying to connect to
cloudmark.com at port 2703 (outgoing traffic) without my interaction. And
THIS is a security hole. Otherwise someone made my host try to connect to
this. This should be hamstrung!

I will watch this. If I find out which application was attacked, I will
inform the maintainer.

Thanks for your help!

 
> > Regards
>
> Best Regards
>
> > Hans
>
> Jan


Cheers

Hans
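
An added example, not part of the original posts: by syslog convention the tag in the quoted lines (`check[7476]`) names the program and PID that wrote the entry, so the excerpt can be summarised per process and destination. The function names are illustrative, and the sample is the log excerpt from the thread with its mail line wrapping kept.

```python
import re
from collections import Counter

# Log excerpt as quoted in the thread; the mail client wrapped each entry.
SAMPLE = """\
Nov  7 21:02:21 protheus2 check[7476]: [ 3] Unable to connect to
c105.cloudmark.com:2703; Reason: Connection refused.
Nov  7 21:02:21 protheus2 check[7476]: [ 3] Unable to connect to
c105.cloudmark.com:2703; Reason: Connection refused.
Nov  7 21:02:25 protheus2 check[7476]: [ 3] Unable to connect to
c105.cloudmark.com:2703; Reason: Connection refused.
Nov  7 21:02:25 protheus2 check[7476]: [ 3] Unable to connect to
c105.cloudmark.com:2703; Reason: Connection refused.
"""

STAMP = r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d"
ENTRY = re.compile(
    "^" + STAMP + r" (?P<host>\S+) (?P<prog>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: .*?"
    r"Unable to connect to (?P<dst>[\w.-]+):(?P<port>\d+); "
    r"Reason: (?P<reason>[^.]+)"
)

def unwrap(text):
    """Rejoin wrapped entries: a line without a timestamp continues the previous one."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if re.match(STAMP + " ", line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def summarize(text):
    """Count failed outbound connects per (program, pid, host, port, reason)."""
    counts = Counter()
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if m:
            pid = int(m["pid"]) if m["pid"] else None
            counts[(m["prog"], pid, m["dst"], int(m["port"]), m["reason"])] += 1
    return counts

if __name__ == "__main__":
    for (prog, pid, dst, port, reason), n in summarize(SAMPLE).items():
        print(f"{n}x {prog}[{pid}] -> {dst}:{port} ({reason})")
```

While the logging process is still running, `ps -p <pid> -o args` shows the command line behind the PID taken from the tag.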


