
Re: weired logs



On Thursday 08 November 2007, Jan wrote:
> Jan wrote:
> > Hans-J. Ullrich wrote:
> >> Hi all,
> >
> > Hi,
> >
> >> just a question. I found this entry in my logs:
> >>
> >> Nov  7 21:02:21 protheus2 check[7476]: [ 3] Unable to connect to
> >> c105.cloudmark.com:2703; Reason: Connection refused.
> >> Nov  7 21:02:21 protheus2 check[7476]: [ 3] Unable to connect to
> >> c105.cloudmark.com:2703; Reason: Connection refused.
> >> Nov  7 21:02:25 protheus2 check[7476]: [ 3] Unable to connect to
> >> c105.cloudmark.com:2703; Reason: Connection refused.
> >> Nov  7 21:02:25 protheus2 check[7476]: [ 3] Unable to connect to
> >> c105.cloudmark.com:2703; Reason: Connection refused.
> >>
> >> It looks like my host tried to connect to c105.cloudmark.com port:2703.
> >>
> >> I never tried to do this, so this might be caused by an application
> >> (which might be a security hole), someone attacked me, or this was
> >> caused by my running tor. What is port 2703 ?
> >
> > The port 2703 is not regular
> >
> > prometheus ~ # grep 2703 /etc/services
> > -- no results
> >
> >
> > After I spent some time on Google for you, I found this interesting
> > article:
> >
> > http://www.auditmypc.com/port/udp-port-2703.asp
> >
> >
> > It seems to be an application for SMS transferring or sth. stupid like
> > that. Try to locate the port by using netstat and isolate the socket and
> > the matching PID of the process. The rest should be a piece of cake :)
>
> Addition:
>
> I took a look at cloudmark.com after my first response. It seems to be a
> security company providing anti spam services (including sms spam
> protection). Where is your machine located? Did you rent it? If yes that

No, my machine is my notebook at home, but it is running night and day.

> could explain why the machine tried to connect to a service on this
> site. Maybe your provider is using security features provided by
> cloudmark?!
>

Hmm, relating to this, my idea is that it could be that SpamAssassin tried to
connect to cloudmark.com. I did not discover cloudmark.com on the web
somehow. So it might be no attack at all. I think I will pay attention in
general, but forget about this case.

> :)
>
> Jan

Thanks for any help !

Regards

Hans
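
Added example (not part of the original messages): besides the netstat approach suggested in the thread, the syslog tag in the quoted entries already names the logging program and its PID (`check[7476]`). This sketch groups such "Unable to connect" entries by program, PID and destination, then looks the PID up under `/proc`; the function names are hypothetical and the sample lines are the thread's entries unwrapped to one per line.

```python
import re
from collections import Counter
from pathlib import Path

# The entries quoted in the thread, unwrapped to one log entry per line.
SAMPLE_LOG = """\
Nov  7 21:02:21 protheus2 check[7476]: [ 3] Unable to connect to c105.cloudmark.com:2703; Reason: Connection refused.
Nov  7 21:02:21 protheus2 check[7476]: [ 3] Unable to connect to c105.cloudmark.com:2703; Reason: Connection refused.
Nov  7 21:02:25 protheus2 check[7476]: [ 3] Unable to connect to c105.cloudmark.com:2703; Reason: Connection refused.
Nov  7 21:02:25 protheus2 check[7476]: [ 3] Unable to connect to c105.cloudmark.com:2703; Reason: Connection refused.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"(?P<prog>[^\[\s:]+)(?:\[(?P<pid>\d+)\])?:\s.*?"
    r"Unable to connect to (?P<dest>[\w.-]+):(?P<port>\d+); Reason: (?P<reason>.+?)\.?$"
)

def failed_connections(log_text):
    """Count failed outbound connections per (program, pid, destination, port)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            pid = int(m["pid"]) if m["pid"] else None
            hits[(m["prog"], pid, m["dest"], int(m["port"]))] += 1
    return hits

def describe_pid(pid, proc_root="/proc"):
    """Command line of a still-running PID, or None if the process is gone.

    PIDs are reused, so only trust the answer shortly after the log entry.
    """
    try:
        raw = Path(proc_root, str(pid), "cmdline").read_bytes()
    except (OSError, ValueError):
        return None
    return raw.replace(b"\0", b" ").decode(errors="replace").strip() or None

if __name__ == "__main__":
    for (prog, pid, dest, port), n in failed_connections(SAMPLE_LOG).items():
        cmd = describe_pid(pid) if pid else None
        print(f"{n}x {prog}[{pid}] -> {dest}:{port}  cmdline={cmd or 'process exited'}")
```

If the process has already exited, searching installed packages and cron jobs for the program name from the tag is the next step.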


