Welcome, Unregistered.
You last visited: Today at 10:50 PM






 

Members:
Threads:
Posts:
Online:

Newest Member:


Add Me

Go Back   Hosting Reseller Forums > Hosting Business & Technology > Technical & Security Issues > General
Reload this Page port 993, is necesary to open it?



Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 10-10-2008, 09:09 PM
Administrator
Whoaaaa
  
Join Date: Jan 2007
Posts: 39,681
Default port 993, is necesary to open it?


Hello, I had a problem with the server today and noticed some kind of denial of service over port 993 I checked #netstat -plan |grep 'ESTABL' and got a lot of unusual connections to port 993 ---Quote--- tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.85.208:46994 ESTABLISHED 15651/couriertls tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:216.9.248.227:48347 ESTABLISHED 16028/couriertls tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.80.203:52212 ESTABLISHED 15538/couriertls tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:216.9.249.32:56477 ESTABLISHED 15662/couriertls tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.81.144:45997 ESTABLISHED 15539/couriertls tcp 0 24 ::ffff:74.86.xx.xx:110 ::ffff:189.140.157.14:49711 ESTABLISHED 17716/pop3login tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.72.137:38034 ESTABLISHED 15524/couriertls tcp 0 0 ::ffff:74.86.xx.xx:143 ::ffff:67.223.69.136:43164 ESTABLISHED 15489/imapd tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.73.38:37825 ESTABLISHED 15521/couriertls tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.80.153:56221 ESTABLISHED 15589/couriertls tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.72.127:35437 ESTABLISHED 13088/couriertls tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.76.59:47411 ESTABLISHED 15565/couriertls tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.76.59:47412 ESTABLISHED 15575/couriertls tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.84.83:39503 ESTABLISHED 15540/couriertls tcp 0 0 ::ffff:74.86.xx.xx:143 ::ffff:206.53.151.114:34679 ESTABLISHED 15599/imapd tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.80.81:49257 ESTABLISHED 15506/couriertls tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.72.91:54139 ESTABLISHED 15743/couriertls tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.73.192:52082 ESTABLISHED 15556/couriertls tcp 0 62780 ::ffff:74.86.xx.xx:110 ::ffff:190.146.241.13:60367 ESTABLISHED 15531/pop3d tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.80.175:52519 ESTABLISHED 15522/couriertls tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.69.210:34372 ESTABLISHED 13197/couriertls tcp 0 0 ::ffff:74.86.xx.xx:143 ::ffff:201.245.237.188:1194 ESTABLISHED 15171/imapd tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.68.112:33763 ESTABLISHED 15571/couriertls tcp 0 756 ::ffff:74.86.xx.xx:2382 ::ffff:201.244.171.79:65047 ESTABLISHED 4358/1 tcp 0 16 ::ffff:74.86.xx.xx:110 ::ffff:190.24.138.106:1783 ESTABLISHED - tcp 0 0 ::ffff:74.86.xx.xx:2382 ::ffff:201.244.171.79:65054 ESTABLISHED 5086/2 tcp 0 6440 ::ffff:74.86.xx.xx:2382 ::ffff:201.244.171.79:65031 ESTABLISHED 3347/0 tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.86.16:39051 ESTABLISHED 15584/couriertls tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.81.57:45462 ESTABLISHED 15580/couriertls tcp 0 0 ::ffff:74.86.xx.xx:143 ::ffff:67.223.85.151:36816 ESTABLISHED 15498/imapd tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.69.97:60879 ESTABLISHED 15652/couriertls tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.84.84:60351 ESTABLISHED 15650/couriertls tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.68.246:54552 ESTABLISHED 15593/couriertls tcp 0 4104 ::ffff:74.86.xx.xx:2382 ::ffff:201.244.171.79:65177 ESTABLISHED 10010/3 tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:206.53.150.158:43354 ESTABLISHED 15653/couriertls tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.73.199:49203 ESTABLISHED 15520/couriertls tcp 0 23 ::ffff:74.86.xx.xx:110 ::ffff:190.232.71.107:12910 ESTABLISHED - tcp 0 37960 ::ffff:74.86.xx.xx:110 ::ffff:190.24.150.12:49468 ESTABLISHED 17540/pop3d tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:216.9.249.161:48925 ESTABLISHED 15555/couriertls tcp 0 0 ::ffff:74.86.xx.xx:143 ::ffff:67.223.81.67:60543 ESTABLISHED 15490/imapd tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.68.62:60437 ESTABLISHED 15541/couriertls tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.73.209:44303 ESTABLISHED 15510/couriertls tcp 0 0 ::ffff:74.86.13.173:993 ::ffff:67.223.77.130:36187 ESTABLISHED 15507/couriertls tcp 0 42340 ::ffff:74.86.xx.xx:995 ::ffff:198.228.90.116:50958 ESTABLISHED 16206/couriertls tcp 0 24 ::ffff:74.86.xx.xx:110 ::ffff:200.13.220.228:49933 ESTABLISHED - tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.78.60:46455 ESTABLISHED 14569/couriertls tcp 0 2230 ::ffff:74.86.xx.xx:110 ::ffff:189.178.32.60:33396 ESTABLISHED 14262/pop3d tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:216.9.249.197:54553 ESTABLISHED 15496/couriertls tcp 0 933 ::ffff:74.86.xx.xx:995 ::ffff:200.37.161.41:55934 ESTABLISHED 17058/couriertls tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:216.9.249.197:54552 ESTABLISHED 15493/couriertls tcp 0 0 ::ffff:74.86.xx.xx:143 ::ffff:67.223.74.36:36683 ESTABLISHED 15501/imapd tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.69.189:49707 ESTABLISHED 16373/couriertls tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.72.4:48227 ESTABLISHED 16435/couriertls tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.68.4:11370 ESTABLISHED 15577/couriertls ---End Quote--- Closing port 993 solved the problem and load dropped down. I traced some of those IPs and they resolve to blackberry.net ---Quote--- 67.223.80.203 CANADA ONTARIO WATERLOO 43.467 -80.533 - -05:00 Net Speed ISP Domain - RESEARCH IN MOTION INC BLACKBERRY.NET ---End Quote--- I am not sure why this port is required to be open, my customers still doesn't complain about something wrong with the service.

More...
Reply With Quote
Sponsored Links
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT. The time now is 10:50 PM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.1.0 ©2007, Crawlability, Inc.

A vBSkinworks Design

Contact Us -|- Hosting Reseller Forums -|- Archive -|- Top -|-Rules/Disclaimer-|-Help/Support -|-Advertise
© Camley Interactive (camley.info) 2008 - all logos and images are copywrite their respective owners.
Proud member of the Camley Interactive Network