Port 3060? What in the hell is going on?

Why am I being attacked on port 3060? I am suddenly getting hammered with all kinds of connect attempts on port 3060. What is on port 3060 they are looking for? Tiny Firewall alerted me to connect attempts on that port and I was able to block it. Score another one for Tiny Firewall. Those of you with hardware appliances are probably being probed on port 3060 right now, and you would not know it, if it were not for this post. Better keep an eye on inbound port 3060. Somebody is trying to do who-knows-what on that port.

Reply to
Charles Newman

I usually check [formatting link] for clues on what unfamiliar ports might be.

In this case I am guessing there is a content management client knocking

formatting link
formatting link
says chilisoft on apache to handle asp

Reply to
Gregory W Zill

TCP-3060 interserver
UDP-3060 interserver

Reply to
dak

Nope, nothing there. 1032 TCP port probes since yesterday, and not a single one to that port. Could it be that you have someone on the *inside* running a service that expects return traffic to port 3060, which is blocked? Prime candidates for something like this happening include file sharing programs.

Reply to
Arthur Hagen
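
Added example (not part of any post in this thread): one rough way to test the hypothesis above from a firewall log is to check whether each remote address hitting port 3060 was contacted by an inside host shortly beforehand. The log format, the addresses, the ten-minute window and the labels are constructed assumptions, and the result is a heuristic, not proof.

```python
from datetime import datetime, timedelta

# Constructed sample log (assumed format): time direction src_ip:port dst_ip:port
SAMPLE_LOG = """\
2004-11-30T12:00:01 OUT 192.168.0.12:4121 203.0.113.7:1214
2004-11-30T12:00:09 IN 203.0.113.7:3377 198.51.100.5:3060
2004-11-30T12:01:30 IN 203.0.113.99:4410 198.51.100.5:3060
2004-11-30T12:02:00 IN 203.0.113.7:3378 198.51.100.5:3060
2004-11-30T12:40:00 IN 203.0.113.7:3400 198.51.100.5:3060
"""

def parse(line):
    """Split one log line into (time, direction, src_ip, src_port, dst_ip, dst_port)."""
    ts, direction, src, dst = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), direction, sip, int(sport), dip, int(dport)

def classify_inbound(log_text, port=3060, window=timedelta(minutes=10)):
    """Label each inbound hit on `port` by whether an inside host recently
    contacted the same remote address (any port) within `window`."""
    last_contact = {}   # remote ip -> (time of last outbound, inside host)
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, direction, sip, _sport, dip, dport = parse(line)
        if direction == "OUT":
            last_contact[dip] = (ts, sip)
        elif dport == port:
            seen = last_contact.get(sip)
            if seen and ts - seen[0] <= window:
                # An inside machine talked to this peer first: look at that host.
                results.append((sip, "possible return traffic", seen[1]))
            else:
                results.append((sip, "unsolicited", None))
    return results

if __name__ == "__main__":
    for remote, label, inside in classify_inbound(SAMPLE_LOG):
        print(remote, label, inside or "-")
```

Hits labelled as possible return traffic point at an inside host worth inspecting; hits labelled unsolicited are consistent with background scanning or with a stale dynamic IP address.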

Panda, Panda, Panda. or Bitdefender.

Tiny Firewall, it's bad, very bad.

Reply to
Juvenal

Seems like there was a peak from ~11 October to ~11 November, and there's still some activity going on, but nothing extreme [1].

3060/tcp is registered to the client software of Interbase, a database product from Borland. Firebird [2] is an Open Source project based on Interbase which uses much the same code if I understand their website correctly. Could be an unknown remote exploit in either product, a less-known product which uses the same ports, or something completely different. Suggestions?

The Firebird vulnerability Google will find if you go look for it is only the local exploit which appeared on Bugtraq June 2002 (and has been rediscovered and re-bugtraq'ed roughly once a year after that).

[1] formatting link
[2] formatting link

Reply to
Eirik Seim

Connection attempts are not an attack.

Borland database stuff.

Interbase/Firebird SQL server.

Unless you run one of the mentioned SQL servers on that port your TCP/IP stack would have done exactly the same.

Complete nonsense.

You probably got the IP someone had before who was running one of the mentioned SQL servers and are simply getting legitimate connection attempts on the IP the SQL server had before it disconnected, nothing to worry about, but a typical phenomenon when people run servers on dynamic IP addresses.

Wolfgang

Reply to
Wolfgang Kueter

I've used Tiny as a personal firewall and found it worked nicely. Now I have a router for my workstations and Kerio Server firewall for my server. What do you guys think about Kerio server firewall? I just started using it since my server router quit on me a few weeks ago.

Reply to
Island Techie

Please find a book on how networking works. If there is nothing listening on the port, the connection will be refused without any action by you or your toy firewall.

    [compton ~]$ telnet kuiper 3050
    Trying 192.168.7.148
    telnet: Unable to connect to remote host: Connection refused
    [compton ~]$

I realize you probably don't understand technical stuff, so you probably didn't realize you can use telnet (or your web browser) to try to connect to specific ports, but it's a common technique. Why not unplug your computer, turn off your toy firewall, and try connecting to some random port numbers on your computer. Then turn your firewall back on, and repeat the test. Who knows, you _might_ learn something.

How would you know - you don't understand how firewalls operate, and certainly have no clue what they might or might not show. In fact, most experienced people don't slavishly hover over the firewall logs trying to see what connection attempts are being made - the connection fails, so why worry about it? Did you bother to try to figure out where your connection attempts are coming from? Are you going to try to complain to the network police about the problem?

Old guy

Reply to
Moe Trin
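
Added example (not part of any post in this thread): the behaviour described above, where a port with no listener is refused by the TCP/IP stack itself, can be checked on your own machine with a short Python script instead of telnet. The function names are hypothetical and the listener is a throwaway loopback socket created only for the demonstration.

```python
import errno
import socket

def classify_port(host, port, timeout=2.0):
    """Make one TCP connect attempt and report how the target answered."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            # The stack replied with a reset: nothing is listening there.
            return "closed"
        except socket.timeout:
            # No reply at all: a packet filter silently dropped the attempt.
            return "filtered"
        except OSError as exc:
            if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
                return "unreachable"
            raise
        return "open"

def demo():
    """Probe the same loopback port with and without a listener bound to it."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: the OS picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = classify_port("127.0.0.1", port)
    listener.close()                     # the service goes away
    after_close = classify_port("127.0.0.1", port)
    return while_listening, after_close

if __name__ == "__main__":
    print(demo())
```

A "closed" result means the connection attempt was refused with no firewall involved, while "filtered" is what a probe sees when a firewall drops the packet without answering.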

"Arthur Hagen" wrote in message news:coimf2$5ol$ snipped-for-privacy@cauldron.broomstick.com...

I don't allow file sharing anymore, since the RIAA decided to go after file sharers. I know that 3060 is in the range of ports (80, 1000-5300), that Kazaa uses, but since I do not use or allow Kazaa anywhere on my network, there is no reason that someone should be connecting on that port.

If you want to block Kazaa on your network, Tiny Personal Firewall on an ICS box is the ONLY way you can do it. Everything on my network has to go through either Socks or HTTP proxies. On the Socks proxy, I block outgoing calls to port 80, and ports 1000-5300, and that effectively shuts down Kazaa. Tiny can control access by specific application. Try THAT on your hardware appliances. I can tell Tiny to block any outgoing calls, for example, on port 80 as part of blocking Kazaa, while telling it to allow port 80 calls on the HTTP proxy. You can say all you like, but Tiny can do a lot of things a hardware appliance just cannot do. Your hardware appliances, since they are not part of the server machine, cannot block by specific application. A FW solution installed on the server machine can do this. So, in short, Tiny Firewall is NOT A TOY, contrary to what one poster has said here.

You don't have to use ICS on the server machine. I only recommend it, because it is built into every version of Windows since 98SE, and there are no extra per-seat fees (other than applicable licenses for the OS on the machines you plan to connect) to connect computers to it. If you don't want to use ICS, there is AllegroSurf, Proxy Pro Gatekeeper, Wingate, and many others, though you will have to pay exorbitant per-seat licensing fees if you want to use these. They all have DHCP servers, so they can act as a gateway for the machines on your network. AllegroSurf and ProxyPro have just about every kind of proxy server you would ever need built into them.

Webwasher used to be freeware, but not anymore. If you can still grab one of the old freeware versions, it can do filtering quite well, as well as HTTP proxy services. WebWasher is a proxy and filter in one. I don't know if the old freeware versions (3.2 and earlier) are still around, but it is worth getting if you can find it. The newer payware versions require Windows 2000 or 2003 SERVER editions, while the old freeware versions will run on any Windows operating system, from Windows 95 onward.

The server for my network used to run on Windows 95, but has progressed through 98, 98SE, and ME, and is now running Windows XP, and will be running on the "Longhorn" version of Windows when it becomes available (presumably sometime in 2006). One thing I learned though was NEVER run a server on Windows ME, the server was always crashing under Windows ME, but I have not had that problem with Windows XP.

Reply to
Charles Newman

It's a useless feature unless you already trust the users, in which case the need for it is rather moot anyhow. How does your solution block someone who runs Kazaa in a VMWare session, for example? Or simply starts the app through a wrapper?

Uhm, what's so ingenious about that? My firewall appliance allows outgoing to port 80 from my proxy servers, but not from other clients.

No, but they can control traffic depending on the *host* or interface, and don't require certain operating systems to work.

It's not a toy, but neither is it a replacement for a good security solution.

XP is quite unsuitable as a server, especially after SP2, where it's been deliberately crippled further to a max of 10 half-open connections. If you have to use Win*, use W2k or W2k3.

Regards,

Reply to
Arthur Hagen

What are you talking about here? I would simply find out the IP(s) for the Kazaa site and set rules with my Watchguard FW appliance and block all inbound and outbound traffic with the Kazaa site and be done with it. Kazaa can run all it wants on any machine it wants and it would never be able to make contact with the site. Kazaa wouldn't be on any of the machines on my network period in the first place. And a network FW's job is not to be running some kind of BS Application Control trying to stop anything at the machine level.

Tiny is a PFW solution and not a network FW solution. I wouldn't be using Tiny or any other PFW solution trying to protect something like IIS, SQL Server etc, etc running on machines on my network. There would be a FW appliance setting there, a NAT router or dedicated computer for running a network FW solution and not some personal FW such as Tiny.

As for the rest of your post, you at least had the common sense to start using a NT class machine.

Duane :)

Reply to
Duane Arnold

On Tue, 30 Nov 2004 12:27:58 -0800, Charles Newman spoketh

Those of us with hardware firewalls don't care to be bothered with benign "alarms" of probes that are not going to be an issue. Ever.

Lars M. Hansen


Reply to
Lars M. Hansen
