Firewall/pinging question

  • BabyU
    Member
    • Oct 2000
    • 71
    • 3.0.7

    Firewall/pinging question

    I seriously doubt this is actually a vBulletin issue, but I would really appreciate being able to give this member a knowledgeable answer, with some help from you folks, of course!

    Here is a post that I received from one member that was unable to access the boards for several days:

    The problem with Kim getting on BBU was a firewall issue. Now that we have a Broadband connection, I am running a hardware firewall on my router and a software firewall on our PC. A few days ago I noticed that I was getting a large number of requests from a specific IP address to access ports on our computer. This was happening even though Internet Explorer was closed!

    I traced the IP address (66.246.135.11) to host.bwscom.net - Registered to MJRSolutions which is a web site hosting company in NC. When Kim first started telling me she couldn't get on BBU, I thought the website was down. Once others started IMing her without problems, I started trying to figure out what was happening. In the end, we figured out that the IP address was registered in NC and so is BBU. I unblocked the IP address, and now it works.

    So......can anyone tell me why BBU is trying to access ports on my computer?
    The only thing I can think of is that, to my knowledge, these issues began on the same day that my site went down. This happened because I was screwing around with adding hotlink protection to my .htaccess file and somehow crashed the site in what appeared to me to be like a loop.

    Can anyone explain to me what is happening and why this person seems to be the only one with this issue? Thanks for any help!
  • Martz
    Senior Member
    • Apr 2001
    • 1051

    #2
    We had a few similar issues because we were running a DNS Blacklist/Proxy scanner for IRC servers on the same machine as the forums. Resulted in some people who connected to IRC not being able to access the forums afterwards.

    Some software firewalls react when they shouldn't - and if it's one person I wouldn't worry about it. I've seen crappy Norton Internet Security block many sites for stupid reasons.

    If you are on shared hosting, this might be one of the risks you run - another user on the same machine could possibly cause your users some problems.
    HP DL-380 G6, 2x E5520, 28GB RAM, 4x300GB SAS, VMWare ESXi
    -
    Unreal Tournament : Assault forums - irc://irc.utassault.net:6667 -

    Comment

    • BabyU
      Member
      • Oct 2000
      • 71
      • 3.0.7

      #3
      Thank you for the reply! Unfortunately, this person is continuing to stir up trouble and now informs me that they explained it wrong. I'm beginning to think it may be an ad that I'm running. Is there anything in this report that could give me clues?

      Date/Time Source IP Hostname SPort DPort Event Information
      2005/10/11 20:39:57 66.246.135.11 host.bwscom.net 80 4406 Port 4406 (TCP)
      2005/10/11 20:42:04 66.246.135.11 host.bwscom.net 80 4477 Port 4477 (TCP)
      2005/10/11 20:44:02 66.246.135.11 host.bwscom.net 80 4547 Lanner License Manager
      2005/10/12 10:05:55 66.246.135.11 host.bwscom.net 80 2454 IndX-DDS
      2005/10/16 13:42:34 66.246.135.11 host.bwscom.net 80 3121 Port 3121 (TCP)
      2005/10/16 13:42:34 66.246.135.11 host.bwscom.net 80 3122 Port 3122 (TCP)
      2005/10/17 10:26:46 66.246.135.11 host.bwscom.net 80 2190 Port 2190 (TCP)
      2005/10/17 10:26:47 66.246.135.11 host.bwscom.net 80 2199 Port 2199 (TCP)
      2005/10/17 10:27:15 66.246.135.11 host.bwscom.net 80 2242 Folio Remote Server
      2005/10/17 17:08:56 66.246.135.11 host.bwscom.net 80 3606 Port 3606 (TCP)

      I blocked IP 66.246.135.11 during this time and Kim was unable to access BBU

      2005/10/23 13:08:26 66.246.135.11 host.bwscom.net 80 2412 CDN
      2005/10/23 13:08:57 66.246.135.11 host.bwscom.net 80 2455 WAGO-IO-SYSTEM
      2005/10/24 08:51:39 66.246.135.11 host.bwscom.net 80 2033 Port 2033 (TCP)
      2005/10/24 08:51:49 66.246.135.11 host.bwscom.net 80 2112 Port 2112 (TCP)
      2005/10/24 11:31:22 66.246.135.11 host.bwscom.net 80 4669 Port 4669 (TCP)
      2005/10/24 11:31:23 66.246.135.11 host.bwscom.net 80 4670 Port 4670 (TCP)
      2005/10/24 15:09:14 66.246.135.11 host.bwscom.net 80 2393 MS OLAP 1
      2005/10/24 15:09:14 66.246.135.11 host.bwscom.net 80 2394 MA OLAP 2 / MS OLAP 2

      Comment
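An added example, not part of the original thread: a small parser for the firewall report posted in #3 that separates entries coming from a web port to an unprivileged port from entries aimed at a low port. The `classify` heuristic, the burst window and the final log line (a documentation address) are assumptions made here for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# First eight lines are copied from the log in post #3; the last line is
# constructed here (documentation address) to show the contrasting case.
LOG = """\
2005/10/11 20:39:57 66.246.135.11 host.bwscom.net 80 4406 Port 4406 (TCP)
2005/10/11 20:44:02 66.246.135.11 host.bwscom.net 80 4547 Lanner License Manager
2005/10/16 13:42:34 66.246.135.11 host.bwscom.net 80 3121 Port 3121 (TCP)
2005/10/16 13:42:34 66.246.135.11 host.bwscom.net 80 3122 Port 3122 (TCP)
2005/10/24 11:31:22 66.246.135.11 host.bwscom.net 80 4669 Port 4669 (TCP)
2005/10/24 11:31:23 66.246.135.11 host.bwscom.net 80 4670 Port 4670 (TCP)
2005/10/24 15:09:14 66.246.135.11 host.bwscom.net 80 2393 MS OLAP 1
2005/10/24 15:09:14 66.246.135.11 host.bwscom.net 80 2394 MA OLAP 2 / MS OLAP 2
2005/10/24 16:00:00 203.0.113.9 scanner.example 40112 445 Port 445 (TCP)
"""
ROW = re.compile(r"(\S+ \S+) (\S+) (\S+) (\d+) (\d+) (.*)")

def parse_log(text):
    """Split each line into the six columns of the posted header."""
    rows = []
    for line in text.splitlines():
        m = ROW.fullmatch(line.strip())
        if m:
            ts, ip, host, sport, dport, info = m.groups()
            rows.append({"ts": datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"),
                         "ip": ip, "host": host, "sport": int(sport),
                         "dport": int(dport), "info": info})
    return rows

def classify(row, web_ports=(80, 443)):
    """Assumed heuristic: a packet FROM a web port TO an unprivileged port
    looks like a server reply; anything else aimed at a port below 1024
    looks like an inbound probe."""
    if row["sport"] in web_ports and row["dport"] >= 1024:
        return "reply-like"
    return "probe-like" if row["dport"] < 1024 else "unclassified"

def adjacent_port_bursts(rows, window=2):
    """Count consecutive entries from one IP that hit dport N then N+1
    within `window` seconds (back-to-back client-side port numbers)."""
    return sum(1 for a, b in zip(rows, rows[1:])
               if a["ip"] == b["ip"] and b["dport"] - a["dport"] == 1
               and (b["ts"] - a["ts"]).total_seconds() <= window)

def summarize(text):
    rows = parse_log(text)
    return Counter(classify(r) for r in rows), adjacent_port_bursts(rows)

if __name__ == "__main__":
    print(summarize(LOG))
```

Every entry copied from the thread has source port 80, so the heuristic files all of them as reply-like; the names in the Event Information column track the destination port number rather than anything observed in the packet.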

      • Martz
        Senior Member
        • Apr 2001
        • 1051

        #4
        It's shared hosting from what I can see - so there's a good chance it isn't anything to do with your server. Moving to your own dedicated IP address would stop anyone else on your shared server from causing problems which seemingly come from you. Speak to your web hosts - they should be able to help you with this.

        www.babyuniversity.com => 66.246.135.11
        66.246.135.11 => host.bwscom.net

        Any decent firewall should not block all connections from that IP address - especially if the log files you posted are a complete list of all the attempts. They should just block the request, and carry on. I still "blame" the user for having a crappy or misconfigured firewall. Yes it should deny requests to those ports as they happen, but it shouldn't block all traffic to and from that IP address - especially not for a workstation firewall anyway.

        Tell them to uninstall Norton and get something decent and speak to your web hosts about WHY such requests are originating from your server, and by whom.
        HP DL-380 G6, 2x E5520, 28GB RAM, 4x300GB SAS, VMWare ESXi
        -
        Unreal Tournament : Assault forums - irc://irc.utassault.net:6667 -

        Comment

        • BabyU
          Member
          • Oct 2000
          • 71
          • 3.0.7

          #5
          Their reply was that it was from an ad on my site. There's only three sites on this server, and the other two are friends of mine. As I tried to explain to the member, I also run a firewall and I don't have these same issues. Apparently, no one else does either. <<shrugs>>

          Thank you for shedding some light on that for me! I appreciate your help!

          Comment
