Linux Help
guides forums blogs
Home Desktops Distributions ISO Images Logos Newbies Reviews Software Support & Resources Linuxhelp Wiki

Welcome Guest ( Log In | Register )



Advanced DNS Management
New ZoneEdit. New Managment.

FREE DNS Is Back

Sign Up Now
 
Reply to this topicStart new topic
> My Linux Server Is Scanning Other Peoples Servers, Help me, I am a newbie
zle1979
post Jan 20 2003, 12:40 PM
Post #1


Whats this Lie-nix Thing?
*

Group: Members
Posts: 2
Joined: 20-January 03
Member No.: 348



I recieved some emails today stating that my Linux Server is scanning their servers, can anyone help me on how to stop this? Thank you in advance.
Go to the top of the page
 
+Quote Post
Corey
post Jan 20 2003, 01:56 PM
Post #2


Its GNU/Linuxhelp.net
*******

Group: Admin
Posts: 1,254
Joined: 21-September 02
From: St John's, Newfoundland, Canada
Member No.: 3



Did they give you any additional information like what ports it was scanning on? This will greatly help investigating what is causing it. As well, maybe even checking your process list to see if there's anything out of the ordinary there might be causing this.


--------------------
Corey Quilliam
(former) Linuxhelp.ca Administrator
cquilliam-AT-gmail-dot-com

Want to help out Linuxhelp.net? Check out our Linuxhelp Wiki and see if there are some articles you would like to submit!!

--
Ubuntu 8.04 64-bit - Work Laptop (HP-Compaq NC6400 Core2)
Kubuntu 8.04 64-bit - Desktop (HP m8120n QuadCore)
Ubuntu 6.04 - Server (I'm not upgrading this baby until support runs out in 2012) (Some old POS dell)
Go to the top of the page
 
+Quote Post
zle1979
post Jan 20 2003, 01:59 PM
Post #3


Whats this Lie-nix Thing?
*

Group: Members
Posts: 2
Joined: 20-January 03
Member No.: 348



The port that it is scanning is 443. I hope this helps some. Thanks again
Go to the top of the page
 
+Quote Post
Corey
post Jan 20 2003, 02:05 PM
Post #4


Its GNU/Linuxhelp.net
*******

Group: Admin
Posts: 1,254
Joined: 21-September 02
From: St John's, Newfoundland, Canada
Member No.: 3



Port 443 is for https connections. Basically websites that use SSL encyptions. This could easily be caused by you hitting a website with "https://" instead of "http://". SSL encrypted sites are usually sites that use secure online transactions with credit cards, or banks, or any paranoid web admins. This doesn't really seem like a big deal to me, and I don't know why you would get emailed regarding it. I would just ignore it unless you are 100% sure that it's not you doing it, then I would attempt to find out who is. You could set up a firewall that blocks outgoing connections to port 443, and redirect it to a log so you can see when the connections are happening.


--------------------
Corey Quilliam
(former) Linuxhelp.ca Administrator
cquilliam-AT-gmail-dot-com

Want to help out Linuxhelp.net? Check out our Linuxhelp Wiki and see if there are some articles you would like to submit!!

--
Ubuntu 8.04 64-bit - Work Laptop (HP-Compaq NC6400 Core2)
Kubuntu 8.04 64-bit - Desktop (HP m8120n QuadCore)
Ubuntu 6.04 - Server (I'm not upgrading this baby until support runs out in 2012) (Some old POS dell)
Go to the top of the page
 
+Quote Post
chrisw
post Jan 20 2003, 04:28 PM
Post #5


RMS is my Hero
******

Group: Admin
Posts: 634
Joined: 27-September 02
From: Louisiana
Member No.: 5



could also be the ssl bug that affects the secure connections
in apache...there was an advisory about it a while back
maybe that is what is happening

what the bug creates is the ability to use any server that has
an ssl server running to be used in DOS attacks creating
chaos on the internet thus would possibly cause the scanning...

i would updated your ssl packages on your server, reboot
and see if it continues....that is if you absolutely need an ssl
server...if not just stop the ssl server and just run regular http
on port 80


--------------------

Chris W.
Go to the top of the page
 
+Quote Post
alex_123_sk
post Jan 21 2003, 10:44 AM
Post #6


Whats this Lie-nix Thing?
*

Group: Members
Posts: 23
Joined: 18-January 03
Member No.: 339



This could also be a trick. People would tell you that your host is scanning their server and then ask you information on your host. They can then use those info to attack your host.
Go to the top of the page
 
+Quote Post
chrisw
post Jan 22 2003, 02:00 PM
Post #7


RMS is my Hero
******

Group: Admin
Posts: 634
Joined: 27-September 02
From: Louisiana
Member No.: 5



i honestly think .....why would someone go through the trouble
of doing such a thing....just ignore it like tourettes mentioned..


--------------------

Chris W.
Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



RSS Lo-Fi Version Time is now: 11th December 2017 - 02:18 AM