Network Attacks

H

heavenlykid

Limp Gawd
Joined
Mar 18, 2005
Messages
300
I was wondering could any on fill me in on what ports 15444, 32076, 12445 are. I have googled them all with no real resolution on them. My network is being attacked none stop on these ports and i Have no clue why. At first i thought it was a virus so I scanned every pc and made sure all virus protections where up to date. But my firewall is still getting hammered none stop on those three ports.
 
its doesnt say exactly how they are attacking them it just says in the firewall log that it blocked access to ip addy x.x.x.x to port 15444 etc etc and so on. But on any given day im having somewhere it the ballpark of 30,000 attacks on those three ports. From ip 's of all ranges.
 
How about block all IPs and explicitly allow the ones you trust. Is that an option?
 
^^^ best advice

problem comes when blocking all IP's is routing and proxies and such, until IPv6 comes, it is hard to block IP's for a specific region.


Best bet is to block everything and only allow what is needed.
 
hopefully you can get it sorted out, i am going through something similar at work, and just ended up blocking everything and if someone needs something they ask me and i determine if they really do need the access or not.
 
MrGuvernment said:
hopefully you can get it sorted out, i am going through something similar at work, and just ended up blocking everything and if someone needs something they ask me and i determine if they really do need the access or not.
Click to expand...

This is really how it should be in the first place. Deny all.
 
YUp, i learned that the slow way, i was more or less tossed into network admin role and had to learn it all from the ground up, luckily is a small office, 6 people, but when you have 2 cable lines and they were both slow cause of people using webcams and skype all day.. is like um no SORRY! go home and do that shit!
 
Good advice all around here. Just keep them blocked and monitor them from time to time. I have a client that for some reason is getting hammered by a few IPs from China and the Netherlands.

nothing I can do about it, but keep the firewall nice and tight and monitor weekly or so to check on the the status of hits. I think that office is getting hit like 40k+ times a day.

Side note. Because that office is small, I have the SOHO Firewall running hardware wise... then I have an old box running Untangle ReDirect in windows to double cover them.

good times.....
 
Interesting, I have been noticing contant connections attempts on various ports as well from places in Asia, and i am down in Costa Rica.. seems something in the wild is looking to spread.
 
You must log in or register to reply here.
Back
Top