Like anything, it's all about what you may have or what they want. Your logs show a few different ports but port 60096 stands out.

I get these logs all day and get hit all day. What systems do you use? What bandwidth have you got? Are you actually seeing a degrade in browsing performance? You may just be a random product of the NET like the rest of us. Tell us a little more about your system. As far as nmap-ing, well, didn't know that was illegal, depends on your country. Here's info from port 60096 anyways, hope it helps you.

Port number: 60096
> Common name(s): client-port on Red Hat Linux 9.0, Fedora Core 1, Red Hat
> Enterprise 3
>
> Common service(s): client
>
> Service description(s): Outgoing client connections from systems.
>
> Common server(s): RPC based services, Windows Messaging Service.
>
> Common client(s): All client software (SSH, Web clients, etc.)
>
> Common problem(s): Insecure client software
>
> Encrypted options: Not applicable
>
> Secure options: Not applicable
>
> Firewalling recommendations: Block inbound connections to client ports,
> allow outgoing connections and returning packets (keep state)
>
> Attack detection: As a general rule data coming in to client ports that is
> not part of an established connection is likely an attack. Exceptions exist
> of course, such as FTP, various instant messenger protocols, file sharing
> protocols, IRC's DCC, and so on.
>
> Related ports: 32768 and other client ports
>
> Related URL(s):
> http://seifried.org/security/os/linux/20011005-linux-port-behavior.html
>
> Other notes: Port 32768 is the first port used by the operating system for
> outbound connections, thus it is likely you will see outbound connections
> from port 32768 and up. If you run netstat on Red Hat Linux or UNIX you will
> see something like:
>
> [EMAIL PROTECTED] web]# netstat -vatn
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address      Foreign Address    State
> tcp        0      0 0.0.0.0:80         0.0.0.0:*          LISTEN
> tcp        0      0 10.2.3.4:32768     10.3.4.5:22        ESTABLISHED
> tcp        0      0 10.2.3.4:32769     10.9.3.4:80        ESTABLISHED
>
>
> Lee @ STS
> http://www.seethrusec.co.uk
> Building Knowledge and Security..
> ----- Original Message -----
> From: "Schmidt, Michael R." <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, May 02, 2004 8:41 AM
> Subject: [Full-Disclosure] A rather newbie question
>
>
> If someone could take a quick look through my log file - it is very simple
> and shows a bazillion requests that are being bounced off my firewall. I
> would really appreciate it. My ISP didn't care and didn't respond when I
> let him know about all this traffic that was wasting MY bandwidth. And then
> they were upset when I nmapped back to a few addresses and hit some upstream
> provider's router - oh well, live and learn. They told me they would
> terminate my contract if I kept that up. Hey I was just trying to find out
> who the freaks were that are constantly attacking MY network.
>
> Anyway, what I am looking for is confirmation that even though I may be
> new - I am not losing my brains or paranoid, thanks.
>
> I have updated all my systems to the latest patch version - but I'll tell
> you, it is the users inside the firewall that cause the most problems. All
> our machines have antivirus, all have antispyware, but they are used by my
> kids and sometimes their friends, and therein lies the problem, but hanging
> out in the background with you guys has opened my eyes to the craziness out
> there. How is a "normal" citizen supposed to keep their computer safe on
> the Internet? I don't think it is possible.
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
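
The keep-state rule and the attack-detection heuristic quoted in the message above, as an added Python example that is not part of the original thread. The packet records are constructed, the 32768 floor is taken from the quoted port notes, and the exceptions those notes mention (FTP, DCC and so on) are not modelled.

```python
from collections import namedtuple

# One observed packet: direction relative to the protected host, then the 4-tuple.
Packet = namedtuple("Packet", "direction proto src sport dst dport")

# First client port per the quoted notes (assumption: the host uses that range).
CLIENT_PORT_FLOOR = 32768

# Constructed sample traffic, not taken from the poster's log.
SAMPLE = [
    Packet("out", "tcp", "10.2.3.4", 32768, "10.3.4.5", 22),      # we open SSH
    Packet("in",  "tcp", "10.3.4.5", 22, "10.2.3.4", 32768),      # its reply
    Packet("in",  "tcp", "192.0.2.77", 4431, "10.2.3.4", 60096),  # nothing sent first
    Packet("in",  "udp", "192.0.2.9", 53, "10.2.3.4", 32770),     # no query seen
    Packet("in",  "tcp", "198.51.100.3", 51000, "10.2.3.4", 80),  # service port
]


def classify(packets, floor=CLIENT_PORT_FLOOR):
    """Label each packet the way a filter that keeps state would see it."""
    state = set()  # flows this host initiated: (proto, local, lport, remote, rport)
    verdicts = []
    for p in packets:
        if p.direction == "out":
            state.add((p.proto, p.src, p.sport, p.dst, p.dport))
            verdicts.append("outbound")
        elif (p.proto, p.dst, p.dport, p.src, p.sport) in state:
            # Reverse tuple of a flow we opened: a returning packet, allow it.
            verdicts.append("return")
        elif p.dport >= floor:
            # Inbound to a client port with no matching flow: block and log.
            verdicts.append("unsolicited-client-port")
        else:
            # Inbound to a low port: governed by the per-service rules instead.
            verdicts.append("inbound-service-port")
    return verdicts


def unsolicited(packets):
    """Return only the packets the heuristic treats as likely probes."""
    verdicts = classify(packets)
    return [p for p, v in zip(packets, verdicts) if v == "unsolicited-client-port"]


if __name__ == "__main__":
    for p, v in zip(SAMPLE, classify(SAMPLE)):
        print(f"{v:24} {p.proto} {p.src}:{p.sport} -> {p.dst}:{p.dport}")
```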
