Results 1 to 5 of 5
  1. #1
    ABW Ambassador CrazyGuy's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,463
    David - is there any legitimate reason (related to XML) Amazon should be doing port scans on my server?

    My firewall is blocking them so it's only generating a heap of warning emails - but is there any advantage (performance, resources?) to adding them to my "trusted" list and letting them through? I'm thinking maybe they do some confimation check when an xml request is made before they send data or something?

    Are you Crazy?

  2. #2
    ABW Ambassador cusimano's Avatar
    Join Date
    January 18th, 2005
    Location
    Toronto, Canada
    Posts
    1,369
    I'm not aware of what this is. I doubt that amazon.com would do port scanning. Post more information (traces, warnings, etc.) here or send an email to me.

    Yours truly,
    Cusimano.Com Corporation
    per: David Cusimano

  3. #3
    ABW Ambassador CrazyGuy's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,463
    I've PM'd you a sample

    Are you Crazy?

  4. #4
    ABW Ambassador cusimano's Avatar
    Join Date
    January 18th, 2005
    Location
    Toronto, Canada
    Posts
    1,369
    I'm not a TCP/IP expert. But it looks like the activity that your firewall is detecting may be a traceroute. See this excerpt from http://www.opus1.com/o/nobreakin.html

    <BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>Your intrusion detection system may have seen 3 or 30 packets addressed to high-numbered UDP ports (above 32,768) and called it a port scan. It's not. Your intrusion detection system (or you, if you're interepreting the logs manually) has set a false alarm. This is just someone tracerouting to you. You are not being port scanned. And no one is trying to break in to your network.<HR></BLOCKQUOTE>

    See also this posting at amazon.com's XML discusion board.

    Yours truly,
    Cusimano.Com Corporation
    per: David Cusimano

  5. #5
    ABW Ambassador CrazyGuy's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,463
    Thanks David

    I don't believe this activity is a security threat or malicious - I tend to (wrongly) use "port scan" to mean any visitor turning up at an uncommon server port [img]/infopop/emoticons/icon_confused.gif[/img]

    I also don't believe a person at Amazon is sitting at their desk doing a traceroute to lil ole me, so it's going to be coming from one of their systems, and I have to assume it's related in some way to my server making xml requests.

    I tend to forget about the Amazon board - I'll see if anyone there is experiencing this too (search doesn't raise anything, as I'm sure you saw).

    More interesting than concerning ...

    Are you Crazy?

  6. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. "Port: " info... what does that mean?
    By ladidah in forum ShareASale - SAS
    Replies: 1
    Last Post: August 25th, 2008, 02:15 PM
  2. Morpheus/Buyers Port
    By chetf in forum Suspicious Activity!
    Replies: 4
    Last Post: April 30th, 2003, 05:16 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •