|
Home > Archive > alt.os.linux > December 2002 > Scanning port 443
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
|
| OK here is the scoop. I run 4 Linux web servers I have on those servers a
program called Port Sentry which watchs for some one doing a port scan on
my server. Twice in 3 months I have had a company I deal with set it off. I
have tried to do so with a web browser but can't see how they can be
causing a port scan in error. I suspect their router (gateway) could be
hacked or possibly one of their PC's behind it and the attack is being
perp'ed by some one outside. Does any one now how in hell you can cause a
scan on port 443 via a browser??
I know that port 443 is https but that is the really odd thing, simply
opening your web browser and putting in https://www.xxx.com instead of
http://www.xxx.com does not cause a port scan of port 443, as the port is
closed on the server all I get is a message saying that it can't be
accessed.
Any help would be greatly appreciated as I want to maintain the security but
I don't want to lock out visitors either.
Dave
| |
|
|
Paul Lutus wrote in message ...
>On Fri, 13 Dec 2002 18:29:02 +0000, DaveW wrote:
>
>> OK here is the scoop.
>
>NO, here's the scoop. Choose ONE newsgroup. Make ONE post. NEVER
>multi-post.
>
>--
>Paul Lutus
>http://www.arachnoid.com
>
>
Or even better not be a knob and answer the question then push your view of
how to post onto the person.
| |
| Paul Lutus 2002-12-13, 5:24 pm |
| On Fri, 13 Dec 2002 20:48:57 +0000, Jason wrote:
>
> Paul Lutus wrote in message ...
>>On Fri, 13 Dec 2002 18:29:02 +0000, DaveW wrote:
>>
>>> OK here is the scoop.
>>
>>NO, here's the scoop. Choose ONE newsgroup. Make ONE post. NEVER
>>multi-post.
>>
>>--
>>Paul Lutus
>>http://www.arachnoid.com
>>
>>
>
> Or even better not be a knob and answer the question then push your view of
> how to post onto the person.
You clearly haven't a clue about Usenet. Until you do, you need to take
thee advice of those who do have a clue.
Do not multi-post.
--
Paul Lutus
http://www.arachnoid.com
| |
|
| Paul Lutus wrote:
> On Fri, 13 Dec 2002 20:48:57 +0000, Jason wrote:
>
>>
>> Paul Lutus wrote in message ...
>>>On Fri, 13 Dec 2002 18:29:02 +0000, DaveW wrote:
>>>
>>>> OK here is the scoop.
>>>
>>>NO, here's the scoop. Choose ONE newsgroup. Make ONE post. NEVER
>>>multi-post.
>>>
>>>--
>>>Paul Lutus
>>>http://www.arachnoid.com
>>>
>>>
>>
>> Or even better not be a knob and answer the question then push your view
>> of how to post onto the person.
>
> You clearly haven't a clue about Usenet. Until you do, you need to take
> thee advice of those who do have a clue.
>
> Do not multi-post.
>
Yep we get knobs who XXXXX about top posting, we get knobs who XXXXX about
bottom posting, we get knobs who XXXXX about inline posting, we get knobs
who XXXXX about cross posting, we get knobs who XXXXX about multi posting
and we bet Paul who's just a knob.
Crawl back to where you came from and take your own advice Paul and get a
clue.
| |
| Paul Lutus 2002-12-13, 7:24 pm |
| On Fri, 13 Dec 2002 23:33:09 +0000, Jason wrote:
> Crawl back to where you came from and take your own advice Paul and get a
> clue.
Low-life clueless jackass. *PLONK*
--
Paul Lutus
http://www.arachnoid.com
| |
|
| Paul Lutus wrote:
> On Fri, 13 Dec 2002 23:33:09 +0000, Jason wrote:
>
>
>> Crawl back to where you came from and take your own advice Paul and get a
>> clue.
>
> Low-life clueless jackass. *PLONK*
>
LOL, I think I hit a weak spot. What's the matter Paul can't take your own
medicine?
| |
| David Efflandt 2002-12-13, 9:25 pm |
| On Fri, 13 Dec 2002 18:29:02 GMT, DaveW <davew@citywebsites.com> wrote:
> OK here is the scoop. I run 4 Linux web servers I have on those servers a
> program called Port Sentry which watchs for some one doing a port scan on
> my server. Twice in 3 months I have had a company I deal with set it off. I
> have tried to do so with a web browser but can't see how they can be
> causing a port scan in error. I suspect their router (gateway) could be
> hacked or possibly one of their PC's behind it and the attack is being
> perp'ed by some one outside. Does any one now how in hell you can cause a
> scan on port 443 via a browser??
Maybe someone who did not keep their apache (actually mod_ssl) up to date
got hit with the Linux slapper worm which tries to infect similarly
neglected servers via port 443. What makes you think it was a browser
that set it off? Anything that would attempt to infect you via https
would likely appear to be a browser request.
--
David Efflandt - All spam ignored http://www.de-srv.com/
http://www.autox.chicago.il.us/ http://www.berniesfloral.net/
http://cgi-help.virtualave.net/ http://hammer.prohosting.com/~cgi-wiz/
| |
| Erik =?iso-8859-1?q?Ljungstr=F6m=22?= 2002-12-13, 9:25 pm |
| On Fri, 13 Dec 2002 23:33:09 +0000, Jason wrote:
[-snip-]
>> Do not multi-post.
>>
>
> Yep we get knobs who XXXXX about top posting, we get knobs who XXXXX about
> bottom posting, we get knobs who XXXXX about inline posting, we get knobs
> who XXXXX about cross posting, we get knobs who XXXXX about multi posting
> and we bet Paul who's just a knob.
>
Exactly what is the difference between cross post, and multi post?
What is it in your terminology that has gnone me by?
--
-> Erik Ljungstroem (erik@northernmost.org)
-> ipv4: http://www.northernmost.org
-> ipv6: http://freebsd.northernmost.org
-> Norrköping, Sweden
| |
| Paul Lutus 2002-12-13, 10:24 pm |
| On Sat, 14 Dec 2002 03:10:45 +0000, "Erik =?iso-8859-1?q?Ljungstr=F6m=22?=
<eri wrote:
/ ...
> Exactly what is the difference between cross post, and multi post? What
> is it in your terminology that has gnone me by?
A multi-post is two or more simultaneous, independent posts of the same
post to different newsgroups.
A cross-post is almost the same thing, except the posts are linked -- the
"newsgroups" line lists all the newsgroups in which the post appears. Any
replies to the post appear in all the newsgroups (unless a follow-up is
specified). This prevents duplication of effort, compared to a multi-post.
Both are frowned upon, but multi-posting more than cross-posting.
--
Paul Lutus
http://www.arachnoid.com
| |
| Joachim Feise 2002-12-13, 11:25 pm |
| Erik Ljungstr=F6m wrote:
> On Fri, 13 Dec 2002 23:33:09 +0000, Jason wrote:
> [-snip-]=20
> =20
>>>Do not multi-post.
>>>
>>
>>Yep we get knobs who XXXXX about top posting, we get knobs who XXXXX ab=
out=20
>>bottom posting, we get knobs who XXXXX about inline posting, we get kno=
bs=20
>>who XXXXX about cross posting, we get knobs who XXXXX about multi posti=
ng=20
>>and we bet Paul who's just a knob.
>>
>=20
>=20
> Exactly what is the difference between cross post, and multi post?
> What is it in your terminology that has gnone me by?
Basic Netiquette, see http://www.ietf.org/rfc/rfc1855.txt
Quotes:
If you are sending a reply to a message or a posting be sure you
summarize the original at the top of the message, or include just
enough text of the original to give a context.
"Cross-Posting" refers to posting a message to more than one
group. If you introduce Cross-Posting to a group, or if you
direct "Followup-To:" in the header of your posting, warn
readers!
If you feel an article will be of interest to more than one
Newsgroup, be sure to CROSSPOST the article rather than individually
post it to those groups.
Individually posting to several groups is called multi-posting, and
is bad. Crossposting is usually not warranted, but, depending on
circumstances, may be ok (see the quote above).
-Joe
| |
| Sybren Stuvel 2002-12-15, 7:24 pm |
| In article <zTvK9.5447$cN6.167740@ursa-nb00s0.nbnet.nb.ca>, Jason wrote:
> LOL, I think I hit a weak spot. What's the matter Paul can't take
> your own medicine?
It's just that he has a proper foundation to his arguements (read
RFC1855) and you haven't. Still, you are trying to behave as if you
have, which can be really annoying.
Sybren
-- [colo
r=darkred]
>>> RUNNING A MICROSOFT GAME USING WINE <<<[/color]
sybren@sybren:Mechwarrior Mercenaries$ wine MW4Mercs.exe
INSTR_IDT_Emulate Evil attempt to exploit win9x system security flaws detected
INSTR_IDT_Emulate UNIX system security is too strong, can't emulate properly
| |
|
| David Efflandt wrote:
> On Fri, 13 Dec 2002 18:29:02 GMT, DaveW <davew@citywebsites.com> wrote:
>> OK here is the scoop. I run 4 Linux web servers I have on those servers a
>> program called Port Sentry which watchs for some one doing a port scan on
>> my server. Twice in 3 months I have had a company I deal with set it off.
>> I have tried to do so with a web browser but can't see how they can be
>> causing a port scan in error. I suspect their router (gateway) could be
>> hacked or possibly one of their PC's behind it and the attack is being
>> perp'ed by some one outside. Does any one now how in hell you can cause a
>> scan on port 443 via a browser??
>
> Maybe someone who did not keep their apache (actually mod_ssl) up to date
> got hit with the Linux slapper worm which tries to infect similarly
> neglected servers via port 443. What makes you think it was a browser
> that set it off? Anything that would attempt to infect you via https
> would likely appear to be a browser request.
>
Actually that patch was applied within a day or two of being made available.
Besides while I am running a web server I am not running a secure one so
there is nothing on port 443. Why I think it was a browser is that the
company we deal with has no reason to run anything but a browser at the
site, and they say they aren't.
Dave
| |
| Sybren Stuvel 2002-12-16, 4:25 am |
| In article
<C7aL9.340545$oRV.88256@news04.bloor.is.net.cable.rogers.com>, DaveW
wrote:
> Why I think it was a browser is that the company we deal with has no
> reason to run anything but a browser at the site, and they say they
> aren't.
A company can never know what is exactly running on each and every
computer they own. My suggestion: run a dummy server on port 443 and
take a look at the requests coming in. You should easily be able to tell
the difference between a browser and a worm.
Sybren
-- [colo
r=darkred]
>>> RUNNING A MICROSOFT GAME USING WINE <<<[/color]
sybren@sybren:Mechwarrior Mercenaries$ wine MW4Mercs.exe
INSTR_IDT_Emulate Evil attempt to exploit win9x system security flaws detected
INSTR_IDT_Emulate UNIX system security is too strong, can't emulate properly
| |
| #10 Ox 2002-12-17, 11:26 pm |
| By Sat, 14 Dec 2002 03:10:45 GMT, "Erik Ljungström"
<erik@northernmost.org> decided to post
"Re: Scanning port 443" to alt.os.linux:
>On Fri, 13 Dec 2002 23:33:09 +0000, Jason wrote:
>[-snip-]
>>> Do not multi-post.
>>>
>>
>> Yep we get knobs who XXXXX about top posting, we get knobs who XXXXX about
>> bottom posting, we get knobs who XXXXX about inline posting, we get knobs
>> who XXXXX about cross posting, we get knobs who XXXXX about multi posting
>> and we bet Paul who's just a knob.
>>
>
>Exactly what is the difference between cross post, and multi post?
>What is it in your terminology that has gnone me by?
The interesting thing about crossposting, which becomes more
important with larger posts, usually binary attachments, is that with
a crosspost, most newservers only have one copy of the material and
link to it in all the groups to which it is posted. With a
multipost, storage space is allocated for the entire contents for
each group in which it is posted. That is wasteful, esp. for larger
posts/attachments.
Generally, either form is not necessary. Specifically, good
netiquette has you crossposting in certain circumstances -- this
would be a matter of preferred practice in some groups/situations.
_Generally_ crossposting is frowned upon, and multiposting is
outright wrong.
/ts
--
##****************************
*******##
"Justice is for sale in texas"
RE: DSC/Alcatel .vs. Evan Brown
##****************************
*******##
|
|
|
|
|