Yes, we're finding the same. However, in common with most folk here, we
take the attitude that everything is blocked (in and out) unless
specifically allowed, and even then preferably from a VPN or fixed IP
address.
rgds
gmcb
-----Original Message-----
From: Cox, Danny H.
To: [EMAIL PROTECTED]
Sent: 03/04/2003 02:32
Subject: [gb-users] Possible hack attempts on port 3389
There appears to be a rise in hack attempts through port 3389.
In the past 6 hours, I have seen 4 different networks try to log into my
primary index server through this port.
Over the past year, I have seen about a total of 3 attempts to gain this
type of access, until now.
For those of you that don't know - this port is used by Microsoft for
Terminal Services (think remote desktop).
Here is one of many log entries I have been getting - note the
originating IP address.
EMAIL NO: 3
DATE: Wed 2003-04-02 17:05:34
PRIORITY: 4
INTERFACE: EXT-DSL (xl0)
INTERFACE TYPE: External
ALARM TYPE: Block
IP PACKET: TCP [61.33.171.233/3988]-->[xxx.xxx.xxx.xxx/3389] l=0 f=0x2
[61.33.171.233/3988]-->[xxx.xxx.xxx.xxx/3389]
I decided to play on a hunch on these and found that every single one of
these sites had a Windows server running TS.
Several of the sites were "home based" small business networks that had
Linksys and SonicWall firewalls.
I notified the admins of the problem and still keep getting random
attempts.
I have long since shut down these services (at the firewall) here and
plan to take steps to make certain this is not a concern for me.
Danny H. Cox
Yield Dynamics, Inc.
(408) 764-9822
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
To subscribe to the digest version first unsubscribe, then
e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archive of the last 1000 messages:
http://www.mail-archive.com/[EMAIL PROTECTED]
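
The alarm layout quoted in the message above, turned into a small triage check that counts distinct source networks sending connection attempts to port 3389 within a six-hour window. This is an added example, not part of the original thread or of the firewall's own tooling. It assumes `f=` is the TCP flags byte (0x2 = SYN) and treats a /24 as one "network"; the function names and sample addresses are constructed.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed alarms in the layout of the entry quoted above. Source addresses are
# RFC 5737 documentation ranges, not taken from the thread.
SAMPLE = """\
DATE: Tue 2003-04-01 09:00:00
ALARM TYPE: Block
IP PACKET: TCP [198.51.100.7/1200]-->[xxx.xxx.xxx.xxx/3389] l=0 f=0x2
DATE: Wed 2003-04-02 11:40:02
ALARM TYPE: Block
IP PACKET: TCP [192.0.2.10/4021]-->[xxx.xxx.xxx.xxx/3389] l=0 f=0x2
DATE: Wed 2003-04-02 12:05:10
ALARM TYPE: Block
IP PACKET: TCP [192.0.2.77/4100]-->[xxx.xxx.xxx.xxx/3389] l=0 f=0x2
DATE: Wed 2003-04-02 14:00:00
ALARM TYPE: Block
IP PACKET: TCP [198.51.100.200/2222]-->[xxx.xxx.xxx.xxx/80] l=0 f=0x2
DATE: Wed 2003-04-02 17:05:34
ALARM TYPE: Block
IP PACKET: TCP [203.0.113.99/3988]-->[xxx.xxx.xxx.xxx/3389] l=0
f=0x2
"""

ALARM = re.compile(
    r"DATE: \w+ (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d).*?"
    r"IP PACKET: (\w+) \[([\d.]+)/(\d+)\]-->\[[^/\]]+/(\d+)\]\s+l=\d+\s+f=(0x[0-9a-fA-F]+)",
    re.S)

def parse_alarms(text):
    """Return one dict per alarm; tolerates the mail-wrapped 'l=0 / f=0x2' line."""
    return [{"time": datetime.strptime(t, "%Y-%m-%d %H:%M:%S"), "proto": proto,
             "src": src, "sport": int(sp), "dport": int(dp), "flags": int(fl, 16)}
            for t, proto, src, sp, dp, fl in ALARM.findall(text)]

def probing_networks(alarms, port=3389, window=timedelta(hours=6)):
    """Distinct source /24s that sent a bare SYN to `port` within `window` of the newest hit."""
    # Assumption: f= is the TCP flags byte, so SYN set and ACK clear means a connection attempt.
    hits = [a for a in alarms
            if a["proto"] == "TCP" and a["dport"] == port and a["flags"] & 0x12 == 0x02]
    if not hits:
        return []
    newest = max(a["time"] for a in hits)
    nets = {str(ipaddress.ip_network(a["src"] + "/24", strict=False))
            for a in hits if newest - a["time"] <= window}
    return sorted(nets)

if __name__ == "__main__":
    print(probing_networks(parse_alarms(SAMPLE)))
```

Grouping by /24 keeps repeated probes from neighbouring hosts from inflating the count; a sudden rise in distinct networks, rather than in raw alarm volume, is the signal described in the message.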