Posted by Duane Arnold on July 19, 2005, 9:06 am
> Hi,
>
> My Sonicwall TZ170 sends me the log each day which I paste into Excel to
> analyse.
>
> The log shows that the ports attacked are as below (ranked in order of
> number of attacks with highest number first):-
>
> Port 1433 associated with MS SQL server
> Port 4899 associated with RAdmin
> Port 15118 is unassigned
> Ports 1025/1026 associated with Blackjack and Calendar
> Port 6129 is unassigned
>
> My understanding is that ports 1025 and 1026 are used for pop-ups by the
> spammers. Is that what the other ports are used for as well?
>
I get thousands of unsolicited inbound traffic hits on the Watchguard
every day that are being dropped at the FW, and I'll assume the same is
happening for you. One should be concerned about inbound from a remote IP if
it's due to some solicitation by a machine behind the SW that sent outbound
to a remote IP.

You can use this instead of dumping the logs into Excel, as it works with
your TZ170 and does all the analysis for you. And you'll be able to see
traffic flow in real time a lot better with WW or go back in time with WW.

http://www.sonic.net/wallwatcher/#Routers

You want to know about those other port numbers and what can use them or
what they are dedicated for, like port 1433, the Microsoft SQL Server Database
port, then Google is your friend. You got MS SQL Server running on a
machine with port 1433 opened/forwarded, exposing the machine with SQL Server
running to the public Internet? If you don't, then you should forget about
it and the others too.
Duane :)
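
An added example (not part of the original post and not WallWatcher's code): a short Python script that does the per-port ranking described in the question and flags the case singled out in the reply, dropped inbound traffic from a remote IP that a machine behind the firewall had sent outbound to. The CSV columns, addresses and log lines are constructed for illustration and are not the TZ170's actual log format.

```python
import csv
import io
from collections import Counter

# Constructed sample export; hypothetical columns, not the real SonicWall format.
SAMPLE_LOG = """time,action,src_ip,src_port,dst_ip,dst_port
2005-07-19 08:00:01,drop,203.0.113.5,40111,198.51.100.10,1433
2005-07-19 08:00:09,drop,203.0.113.6,40222,198.51.100.10,1433
2005-07-19 08:01:30,drop,203.0.113.7,40333,198.51.100.10,4899
2005-07-19 08:02:00,allow,192.168.1.20,3050,203.0.113.9,80
2005-07-19 08:02:05,drop,203.0.113.9,40444,198.51.100.10,15118
2005-07-19 08:03:10,drop,203.0.113.5,40112,198.51.100.10,1433
2005-07-19 08:04:40,drop,203.0.113.8,40555,198.51.100.10,1026
"""

WAN_IP = "198.51.100.10"    # constructed public address of the firewall
LAN_PREFIX = "192.168.1."   # constructed internal network prefix


def analyse(log_text, wan_ip=WAN_IP, lan_prefix=LAN_PREFIX):
    """Return (ports ranked by dropped inbound hits, solicited remote IPs)."""
    port_hits = Counter()      # destination port -> dropped inbound count
    dropped_from = Counter()   # remote IP -> dropped inbound count
    contacted = set()          # remote IPs a LAN machine sent outbound to
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["src_ip"].startswith(lan_prefix):
            contacted.add(row["dst_ip"])
        elif row["action"] == "drop" and row["dst_ip"] == wan_ip:
            port_hits[int(row["dst_port"])] += 1
            dropped_from[row["src_ip"]] += 1
    # Inbound from an IP that an internal machine talked to first is the
    # traffic worth a closer look; the rest is unsolicited background noise.
    solicited = {ip: n for ip, n in dropped_from.items() if ip in contacted}
    return port_hits.most_common(), solicited


if __name__ == "__main__":
    ranked, solicited = analyse(SAMPLE_LOG)
    for port, count in ranked:
        print(f"port {port}: {count} dropped")
    for ip, count in solicited.items():
        print(f"review {ip}: {count} dropped inbound after outbound contact")
```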