While reviewing the firewall (Sygate) logs, I found the following:
TIME REMOTE HOST REMOTE PORT LOCAL HOST LOCAL PORT DIRECTION ACTION
02/03/06 20:25 213.252.216.XXX. 4532 212.142.214.XXX. 48165 Incoming Blocked
02/03/06 20:25 213.252.216.XXX. 4532 212.142.214.XXX. 48165 Incoming Blocked
02/03/06 20:25 213.252.216.XXX. 4532 212.142.214.XXX. 48165 Incoming Blocked
02/03/06 20:25 213.252.216.XXX. 4613 212.142.214.XXX. 48165 Incoming Blocked
02/03/06 20:25 213.252.216.XXX. 4613 212.142.214.XXX. 48165 Incoming Blocked
02/03/06 20:26 213.252.216.XXX. 4613 212.142.214.XXX. 48165 Incoming Blocked
02/03/06 20:26 213.252.216.XXX. 4718 212.142.214.XXX. 48165 Incoming Blocked
02/03/06 20:26 213.252.216.XXX. 4718 212.142.214.XXX. 48165 Incoming Blocked
02/03/06 20:27 213.252.216.XXX. 4718 212.142.214.XXX. 48165 Incoming Blocked
In total there are around 150 entries of this kind coming from the same IP and with port 48165 as the destination, produced within one hour.
In the Packet log, it gives me the following information:
Ethernet II (Packet Length: 62)
Destination: 00-00-01-00-00-00
Source: 70-8a-20-00-01-00
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 111
Protocol: 0x6 (TCP - Transmission Control Protocol)
Header checksum: 0xd58d (Correct)
Source: 213.252.216.XXX
Destination: 212.142.214.XXX
Transmission Control Protocol (TCP)
Source port: 4532
Destination port: 48165
Sequence number: 4161733167
Acknowledgment number: 0
Header length: 28
Flags:
0... .... = Congestion Window Reduce (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Checksum: 0xb661 (Correct)
Data (0 Bytes)
I suppose this is an intrusion attempt, but I really don't know. Has anyone received attacks through that port?
Regards.
Ernesto
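
Added example, not part of the original post: a Python summary of traffic-log lines in the format shown above, grouping blocked incoming entries by remote host and local port and separating distinct source ports from repeats of the same source port (which are consistent with TCP SYN retransmissions of a single connection attempt). The sample lines are copied from the post; the function names and the assumed eight-field layout are illustrative.

```python
from collections import defaultdict

# Sample lines copied from the post (addresses are masked there), plus the header.
SAMPLE_LOG = """\
TIME REMOTE HOST REMOTE PORT LOCAL HOST LOCAL PORT DIRECTION ACTION
02/03/06 20:25 213.252.216.XXX. 4532 212.142.214.XXX. 48165 Incoming Blocked
02/03/06 20:25 213.252.216.XXX. 4532 212.142.214.XXX. 48165 Incoming Blocked
02/03/06 20:25 213.252.216.XXX. 4532 212.142.214.XXX. 48165 Incoming Blocked
02/03/06 20:25 213.252.216.XXX. 4613 212.142.214.XXX. 48165 Incoming Blocked
02/03/06 20:25 213.252.216.XXX. 4613 212.142.214.XXX. 48165 Incoming Blocked
02/03/06 20:26 213.252.216.XXX. 4613 212.142.214.XXX. 48165 Incoming Blocked
02/03/06 20:26 213.252.216.XXX. 4718 212.142.214.XXX. 48165 Incoming Blocked
02/03/06 20:26 213.252.216.XXX. 4718 212.142.214.XXX. 48165 Incoming Blocked
02/03/06 20:27 213.252.216.XXX. 4718 212.142.214.XXX. 48165 Incoming Blocked
"""


def parse_line(line):
    """Parse one traffic-log line; return None for headers or malformed lines."""
    parts = line.split()
    if len(parts) != 8 or not (parts[3].isdigit() and parts[5].isdigit()):
        return None
    _date, _time, rhost, rport, _lhost, lport, direction, action = parts
    return {
        "remote_host": rhost.rstrip("."),  # the log prints a trailing dot
        "remote_port": int(rport),
        "local_port": int(lport),
        "direction": direction,
        "action": action,
    }


def summarize(log_text):
    """Count blocked incoming entries per (remote host, local port)."""
    per_source_port = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        e = parse_line(line)
        if e and e["direction"] == "Incoming" and e["action"] == "Blocked":
            key = (e["remote_host"], e["local_port"])
            per_source_port[key][e["remote_port"]] += 1
    summary = {}
    for key, ports in per_source_port.items():
        total = sum(ports.values())
        # Same source port repeated = likely SYN retransmission of one attempt.
        summary[key] = {"entries": total, "distinct_attempts": len(ports),
                        "repeats": total - len(ports)}
    return summary


if __name__ == "__main__":
    for (host, port), stats in summarize(SAMPLE_LOG).items():
        print(host, port, stats)
```

On the nine lines quoted in the post this reports three distinct source ports, each logged three times.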