Trying to track down an assault on my port 110

Discussion in 'Cisco' started by The Doctor, Jan 31, 2010.

  1. The Doctor

    The Doctor Guest

    I am trying to see wh is trying to break into my POP3 server
    using the router.

    My POP3 server says IP X is doing it, but IP X in the access-lists are
    not showing up.

    What show commmand do I need to find this culprit, and before that how do I set it up?
    --
    Member - Liberal International This is Ici
    God, Queen and country! Never Satan President Republic! Beware AntiChrist rising!
    http://twitter.com/rootnl2k http://www.myspace.com/502748630
    Born 29 Jan 1969 Redhill,Surrey,England UK
    The Doctor, Jan 31, 2010
    #1
    1. Advertising

  2. The Doctor

    JF Mezei Guest

    The Doctor wrote:

    > My POP3 server says IP X is doing it, but IP X in the access-lists are
    > not showing up.


    Is this a NAT setup ? If so, you would find the associations with the

    SHOW IP NAT TRANSLATIONS | include :110

    This will show your current connections with the outside IP and the host
    on your LAN, filtered to include only calls involving port 110

    Access list entries don't necessarily get created, unless you are using
    reflective access list for inboud traffic.

    Normally, a netstat -n -f inet | grep :110 would do it on your server.

    (there is also a lsof variation that lets you get that info too)


    If you are not using NAT, then packet just flow through the router and
    not necessarily logged. But there is a netflow functionality that you
    could enable that would then let you monitor at the router level the
    current TCP connections between the outside world and your LAN world.
    JF Mezei, Jan 31, 2010
    #2
    1. Advertising

  3. The Doctor

    The Doctor Guest

    In article <00e0ffd3$0$17024$>,
    JF Mezei <> wrote:
    >The Doctor wrote:
    >
    >> My POP3 server says IP X is doing it, but IP X in the access-lists are
    >> not showing up.

    >
    >Is this a NAT setup ? If so, you would find the associations with the
    >
    >SHOW IP NAT TRANSLATIONS | include :110
    >
    >This will show your current connections with the outside IP and the host
    > on your LAN, filtered to include only calls involving port 110
    >
    >Access list entries don't necessarily get created, unless you are using
    >reflective access list for inboud traffic.
    >
    >Normally, a netstat -n -f inet | grep :110 would do it on your server.
    >
    >(there is also a lsof variation that lets you get that info too)
    >
    >
    >If you are not using NAT, then packet just flow through the router and
    >not necessarily logged. But there is a netflow functionality that you
    >could enable that would then let you monitor at the router level the
    >current TCP connections between the outside world and your LAN world.


    Actually I was able to block the culprit.

    If not working on your inbound ACL try the same line on your
    outbound ACL. DOne.
    --
    Member - Liberal International This is Ici
    God, Queen and country! Never Satan President Republic! Beware AntiChrist rising!
    http://twitter.com/rootnl2k http://www.myspace.com/502748630
    Born 29 Jan 1969 Redhill,Surrey,England UK
    The Doctor, Jan 31, 2010
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Patrick
    Replies:
    5
    Views:
    616
    Julie
    Feb 19, 2004
  2. Wil Schultz
    Replies:
    4
    Views:
    15,947
    Wil Schultz
    Feb 8, 2005
  3. Peter Danes
    Replies:
    2
    Views:
    1,765
    java123
    Nov 6, 2007
  4. D@Z

    insert track reference in mp3 track

    D@Z, May 2, 2008, in forum: Computer Support
    Replies:
    1
    Views:
    815
    Shel-hed
    May 2, 2008
  5. Barkley Hughes
    Replies:
    5
    Views:
    396
    Keyboard
    Nov 12, 2006
Loading...

Share This Page