Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Trying to track down an assault on my port 110

Reply
Thread Tools

Trying to track down an assault on my port 110

 
 
The Doctor
Guest
Posts: n/a
 
      01-31-2010
I am trying to see wh is trying to break into my POP3 server
using the router.

My POP3 server says IP X is doing it, but IP X in the access-lists are
not showing up.

What show commmand do I need to find this culprit, and before that how do I set it up?
--
Member - Liberal International This is http://www.velocityreviews.com/forums/(E-Mail Removed) Ici (E-Mail Removed)
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising!
http://twitter.com/rootnl2k http://www.myspace.com/502748630
Born 29 Jan 1969 Redhill,Surrey,England UK
 
Reply With Quote
 
 
 
 
JF Mezei
Guest
Posts: n/a
 
      01-31-2010
The Doctor wrote:

> My POP3 server says IP X is doing it, but IP X in the access-lists are
> not showing up.


Is this a NAT setup ? If so, you would find the associations with the

SHOW IP NAT TRANSLATIONS | include :110

This will show your current connections with the outside IP and the host
on your LAN, filtered to include only calls involving port 110

Access list entries don't necessarily get created, unless you are using
reflective access list for inboud traffic.

Normally, a netstat -n -f inet | grep :110 would do it on your server.

(there is also a lsof variation that lets you get that info too)


If you are not using NAT, then packet just flow through the router and
not necessarily logged. But there is a netflow functionality that you
could enable that would then let you monitor at the router level the
current TCP connections between the outside world and your LAN world.
 
Reply With Quote
 
 
 
 
The Doctor
Guest
Posts: n/a
 
      01-31-2010
In article <00e0ffd3$0$17024$(E-Mail Removed)>,
JF Mezei <(E-Mail Removed)> wrote:
>The Doctor wrote:
>
>> My POP3 server says IP X is doing it, but IP X in the access-lists are
>> not showing up.

>
>Is this a NAT setup ? If so, you would find the associations with the
>
>SHOW IP NAT TRANSLATIONS | include :110
>
>This will show your current connections with the outside IP and the host
> on your LAN, filtered to include only calls involving port 110
>
>Access list entries don't necessarily get created, unless you are using
>reflective access list for inboud traffic.
>
>Normally, a netstat -n -f inet | grep :110 would do it on your server.
>
>(there is also a lsof variation that lets you get that info too)
>
>
>If you are not using NAT, then packet just flow through the router and
>not necessarily logged. But there is a netflow functionality that you
>could enable that would then let you monitor at the router level the
>current TCP connections between the outside world and your LAN world.


Actually I was able to block the culprit.

If not working on your inbound ACL try the same line on your
outbound ACL. DOne.
--
Member - Liberal International This is (E-Mail Removed) Ici (E-Mail Removed)
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising!
http://twitter.com/rootnl2k http://www.myspace.com/502748630
Born 29 Jan 1969 Redhill,Surrey,England UK
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
QoS on a Cisco 877 to give port 80, 110, and 25 priority Peter Danes Cisco 2 11-06-2007 06:17 PM
The connection to the server has failed. Account: 'incoming.yahoo.verzon.net', Server: 'incoming.yahoo.verizon.net', Protocol: POP3, Port: 110, Secure(SSL): No, Socket Error: 10061, Error Number: 0x800CCC0E Michael Bower Computer Support 3 10-01-2006 03:44 PM
How to track down who's on what port on an IOS 6509? Wil Schultz Cisco 4 02-08-2005 04:26 AM
Todd Bertuzzi assault trial: stay up on the events of the case as it unfolds.... NHLi.com MCSE 1 08-10-2004 11:32 AM
pix allows 21,25,110 but not port 80 Patrick Cisco 5 02-19-2004 08:19 PM



Advertisments