Re: [vox-tech] port forwarding
On 03/29/2016 04:21 PM, Richard Harke wrote: > I have been looking through the logs and set-up of my router. > I found that a port is being forwarded to one of my wife's laptops. > Since port triggering is disabled, how is this possible? Is there a normal > function for this or does this mean the router has been comprised? > The port is 59215, UDP. I searched but haven't found any clue as to > its use. The laptop in question is a Dell and fortunately does not > have any important data. (games mostly) > > Richard > > > What kind of router/firewall are you running? Can you share a snippet that you think is suspicious? Are any of the games internet connected? Most home routers will pass packets out and then back in on higher ports if initiated from inside. (Test do you get hits on this port when the Windows machine isn't on) Does the laptops Windows firewall block the packets after they pass your router? My initial idea, is make sure you're running up to date firmware on your router. Some off the shelf router's are somewhat notorious for old and outdated firmware. But I'm not sure there's an actual problem here yet. -Alex ___ vox-tech mailing list [email protected] http://lists.lugod.org/mailman/listinfo/vox-tech
[vox-tech] port forwarding
I have been looking through the logs and set-up of my router. I found that a port is being forwarded to one of my wife's laptops. Since port triggering is disabled, how is this possible? Is there a normal function for this or does this mean the router has been comprised? The port is 59215, UDP. I searched but haven't found any clue as to its use. The laptop in question is a Dell and fortunately does not have any important data. (games mostly) Richard ___ vox-tech mailing list [email protected] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Port Forwarding or firewall?
Hai Yi wrote: > thank you, Rod. Actually, it also happened to the MySQL server as > well. As you can see that I have mysql open @ port 3306. From another > computer (Widnows XP) in my LAN, I installed a MySQL client > (MySQLQueryBrowser.exe), it can't establish the connection to the > server either. It's quite weird. I think Rod's point was that it is not weird at all... it is per design. The people packaging these servers don't want to assume that you are prepared to have everyone on the internet accessing them, so they only enable it on the localhost network interface (127.0.0.1). Therefore it is standard operating procedure to have YOU make that configuration change... and you shouldn't do that until you have read enough of the manual to know just what you want to expose on the outward-facing network interface (192.168.1.128). Apache and MySQL are both programs with very configurable internal security options that you can get wrong and end up exposing some or all of your computer contents to people running vulnerability scanners. I would recommend disabling your port forwarding on the router, and reading some more about the configuration of these daemons and testing them from your windows box (verify your configuration works the way you want it to manually, and also try Zenmap/Nmap?) before exposing them willy-nilly. > On Sun, May 10, 2009 at 1:10 AM, Rod Roark wrote: >> It sounds like your DB server's admin feature is listening only on >> localhost and not on the network interface... which is the default >> setting that you'd probably expect. >> >> Rod >> >> Hai Yi wrote: >>> Hello there: >>> >>> I installed an apache http server on my ubuntu linux box, and I config >>> the port forwarding in my router, and I can access the page from >>> outside of my local network, everything is cool. >>> however, when I installed an oracle express version db server on the >>> same box, I can access its admin page from the same box by typing: >>> http://localhost:8080/apex, I config the router's port forwarding >>> again, but this time, I can't visit the page from outside, and I can't >>> visit the page from inside either (use >>> http://192.168.1.128:8080/apex). >>> >>> Some ppl said that it might be that I have my firewall installed on >>> the linux box, and this is my opened services: >>> >>> PORT STATE SERVICE >>> 22/tcp open ssh >>> 80/tcp open http >>> 631/tcp open ipp >>> 1521/tcp open oracle >>> 3306/tcp open mysql >>> 8080/tcp open http-proxy >>> >>> >>> I hope that I've made myself understood. >>> >>> any help? >>> >>> Thanks a lot! >>> Hai -- --- Jeff NewmillerThe . . Go Live... DCN:Basics: ##.#. ##.#. Live Go... Live: OO#.. Dead: OO#.. Playing Research Engineer (Solar/BatteriesO.O#. #.O#. with /Software/Embedded Controllers) .OO#. .OO#. rocks...1k --- ___ vox-tech mailing list [email protected] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Port Forwarding or firewall?
thank you, Rod. Actually, it also happened to the MySQL server as well. As you can see that I have mysql open @ port 3306. From another computer (Widnows XP) in my LAN, I installed a MySQL client (MySQLQueryBrowser.exe), it can't establish the connection to the server either. It's quite weird. On Sun, May 10, 2009 at 1:10 AM, Rod Roark wrote: > It sounds like your DB server's admin feature is listening only on > localhost and not on the network interface... which is the default > setting that you'd probably expect. > > Rod > > Hai Yi wrote: >> Hello there: >> >> I installed an apache http server on my ubuntu linux box, and I config >> the port forwarding in my router, and I can access the page from >> outside of my local network, everything is cool. >> however, when I installed an oracle express version db server on the >> same box, I can access its admin page from the same box by typing: >> http://localhost:8080/apex, I config the router's port forwarding >> again, but this time, I can't visit the page from outside, and I can't >> visit the page from inside either (use >> http://192.168.1.128:8080/apex). >> >> Some ppl said that it might be that I have my firewall installed on >> the linux box, and this is my opened services: >> >> PORT STATE SERVICE >> 22/tcp open ssh >> 80/tcp open http >> 631/tcp open ipp >> 1521/tcp open oracle >> 3306/tcp open mysql >> 8080/tcp open http-proxy >> >> >> I hope that I've made myself understood. >> >> any help? >> >> Thanks a lot! >> Hai > ___ > vox-tech mailing list > [email protected] > http://lists.lugod.org/mailman/listinfo/vox-tech > ___ vox-tech mailing list [email protected] http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Port Forwarding or firewall?
It sounds like your DB server's admin feature is listening only on localhost and not on the network interface... which is the default setting that you'd probably expect. Rod Hai Yi wrote: > Hello there: > > I installed an apache http server on my ubuntu linux box, and I config > the port forwarding in my router, and I can access the page from > outside of my local network, everything is cool. > however, when I installed an oracle express version db server on the > same box, I can access its admin page from the same box by typing: > http://localhost:8080/apex, I config the router's port forwarding > again, but this time, I can't visit the page from outside, and I can't > visit the page from inside either (use > http://192.168.1.128:8080/apex). > > Some ppl said that it might be that I have my firewall installed on > the linux box, and this is my opened services: > > PORT STATE SERVICE > 22/tcp open ssh > 80/tcp open http > 631/tcp open ipp > 1521/tcp open oracle > 3306/tcp open mysql > 8080/tcp open http-proxy > > > I hope that I've made myself understood. > > any help? > > Thanks a lot! > Hai ___ vox-tech mailing list [email protected] http://lists.lugod.org/mailman/listinfo/vox-tech
[vox-tech] Port Forwarding or firewall?
Hello there: I installed an apache http server on my ubuntu linux box, and I config the port forwarding in my router, and I can access the page from outside of my local network, everything is cool. however, when I installed an oracle express version db server on the same box, I can access its admin page from the same box by typing: http://localhost:8080/apex, I config the router's port forwarding again, but this time, I can't visit the page from outside, and I can't visit the page from inside either (use http://192.168.1.128:8080/apex). Some ppl said that it might be that I have my firewall installed on the linux box, and this is my opened services: PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 631/tcp open ipp 1521/tcp open oracle 3306/tcp open mysql 8080/tcp open http-proxy I hope that I've made myself understood. any help? Thanks a lot! Hai ___ vox-tech mailing list [email protected] http://lists.lugod.org/mailman/listinfo/vox-tech
