rohanly
asked on
Acess deneid - suspicious
Dear Experts,
I am continouly getting acess denied for a private ip which is using all of its ports one by one to connect to a ip which is behind the firewall on a fixed port.
I am not sure what kind of attack it is and how to get rd of it.
Thanks & Regards,
Rohan
I am continouly getting acess denied for a private ip which is using all of its ports one by one to connect to a ip which is behind the firewall on a fixed port.
I am not sure what kind of attack it is and how to get rd of it.
Thanks & Regards,
Rohan
Sounds like a brute force/ DoS attack of some sort.
ASKER
i am not able to understand what is he trying to do, if it wwould have been a port scan he tried all destination ports but here he is changinf source ports ,
its going above my head.
its going above my head.
That doesn't make much sense to me either, maybe he's a n00b and mixed up source and destination. LOL.
I honestly couldn't tell you why he would be changing the source ports either. Very strange.
I honestly couldn't tell you why he would be changing the source ports either. Very strange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
As mentioned in the above expert comment , the source port is irrelevant, most client applications will just use the first available random port to bind to its socket operation , usually something above the Well known ports range (0-1024).
if you may let us know what is the exact destination port this private IP is trying to connect to , that may help to better understand the problem.
if you may let us know what is the exact destination port this private IP is trying to connect to , that may help to better understand the problem.
ASKER
Well the port is 4150 Tcp
there is no legitimate software or service that uses that port that i'm aware of...unless you're saying that is the source port...
Have you found the source machine that is making attempts on that port ?
Have you found the source machine that is making attempts on that port ?
ASKER
Actually we do monitoring of a customer's firewall , and do not have access to their network.
It will really like if someone can suggest some things , that i can reccomend them
Thanks & Regards,
Rohan
It will really like if someone can suggest some things , that i can reccomend them
Thanks & Regards,
Rohan
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.