blocked for port scanning While using FTP to send files

williamkevenis1
Junior Member
Posts: 2
Joined: 07 Jan 2012, 15:20

blocked for port scanning While using FTP to send files

Post by williamkevenis1 »

My clients are being blocked by port scan when sending files to the FTP.
blocked for port scanning While using FTP to send files
see below

lfd on domain: 187.65.106.56 (BR/Brazil/bb416a38.domain) blocked for port scanning
Time:    Thu Jan  5 19:03:09 2012 -0200
IP:      187.65.106.56 (BR/Brazil/bb416a38.domain)
Hits:    6
Blocked: Temporary Block

Sample of block hits:
Jan  5 19:02:30 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=7134 DF PROTO=TCP SPT=57957 DPT=32672 WINDOW=65535 RES=0x00 SYN URGP=0
Jan  5 19:02:33 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=7169 DF PROTO=TCP SPT=57957 DPT=32672 WINDOW=65535 RES=0x00 SYN URGP=0
Jan  5 19:02:39 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=7287 DF PROTO=TCP SPT=57957 DPT=32672 WINDOW=65535 RES=0x00 SYN URGP=0
Jan  5 19:02:55 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=7696 DF PROTO=TCP SPT=58041 DPT=55416 WINDOW=65535 RES=0x00 SYN URGP=0
Jan  5 19:02:57 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=7727 DF PROTO=TCP SPT=58041 DPT=55416 WINDOW=65535 RES=0x00 SYN URGP=0
Jan  5 19:03:04 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=7810 DF PROTO=TCP SPT=58041 DPT=55416 WINDOW=65535 RES=0x00 SYN URGP=0
Sergio
Junior Member
Posts: 1685
Joined: 12 Dec 2006, 14:56

Re: blocked for port scanning While using FTP to send files

Post by Sergio »

I don't see any FTP ports in this log; all I see are ports like "DPT=32672" or "DPT=55416" that the offending IP wants to access. If you want to grant access to those ports (which I doubt you should), you need to include them in your TCP/IN or TCP/OUT config file. The FTP port is 21.

Sergio
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Re: blocked for port scanning While using FTP to send files

Post by chirpy »

That would suggest FTP connection tracking is not working in your kernel, and you will have to implement the open port workaround mentioned in the readme.txt.
edigest
Junior Member
Posts: 10
Joined: 25 Apr 2013, 17:10

Re: blocked for port scanning While using FTP to send files

Post by edigest »

I have a similar problem, but only with one user so I'm not sure that "would suggest FTP connection tracking is not working in your kernel" is true.

I would like to point out one thing, though: "implement the open port workaround mentioned in the readme.txt" could be more helpful. I looked through the readme.txt and could not find the words "open port workaround" in any meaningful context.

What are you referring to as a workaround?
wingowin
Junior Member
Posts: 1
Joined: 02 Jul 2013, 17:02

Re: blocked for port scanning While using FTP to send files

Post by wingowin »

The problem is the new update of the FileZilla FTP client.

Does someone have a solution? Because it's going to become increasingly stressful.

------------------------

lfd on : 77.204.46.196 (FR/France/196.46.204.77 blocked for port scanning

My client is blocked after updating FileZilla!

Time: Tue Jul 2 15:04:13 2013 +0200
IP: 77.204.46.196 (FR/France/196.46.204.77)
Hits: 11
Blocked: Temporary Block

Sample of block hits:
Jul 2 15:01:33 mars kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:15:5d:22:d0:19:00:d0:00:d9:c4:00:08:00 SRC=77.204.46.196 DST=205.236.34.158 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=28745 DF PROTO=TCP SPT=55781 DPT=62586 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 2 15:01:34 mars kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:15:5d:22:d0:19:00:d0:00:d9:c4:00:08:00 SRC=77.204.46.196 DST=205.236.34.158 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=10608 DF PROTO=TCP SPT=55781 DPT=62586 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 2 15:01:35 mars kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:15:5d:22:d0:19:00:d0:00:d9:c4:00:08:00 SRC=77.204.46.196 DST=205.236.34.158 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=13339 DF PROTO=TCP SPT=55781 DPT=62586 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 2 15:01:36 mars kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:15:5d:22:d0:19:00:d0:00:d9:c4:00:08:00 SRC=77.204.46.196 DST=205.236.34.158 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=44853 DF PROTO=TCP SPT=55781 DPT=62586 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 2 15:01:37 mars kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:15:5d:22:d0:19:00:d0:00:d9:c4:00:08:00 SRC=77.204.46.196 DST=205.236.34.158 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=39970 DF PROTO=TCP SPT=55781 DPT=62586 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 2 15:01:38 mars kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:15:5d:22:d0:19:00:d0:00:d9:c4:00:08:00 SRC=77.204.46.196 DST=205.236.34.158 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=25688 DF PROTO=TCP SPT=55781 DPT=62586 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 2 15:01:40 mars kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:15:5d:22:d0:19:00:d0:00:d9:c4:00:08:00 SRC=77.204.46.196 DST=205.236.34.158 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=8756 DF PROTO=TCP SPT=55781 DPT=62586 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 2 15:01:45 mars kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:15:5d:22:d0:19:00:d0:00:d9:c4:00:08:00 SRC=77.204.46.196 DST=205.236.34.158 LEN=48 TOS=0x00 PREC=0x00 TTL=50 ID=19498 DF PROTO=TCP SPT=55781 DPT=62586 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 2 15:04:11 mars kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:15:5d:22:d0:19:00:d0:00:d9:c4:00:08:00 SRC=77.204.46.196 DST=205.236.34.158 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=34969 DF PROTO=TCP SPT=55993 DPT=5384 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 2 15:04:12 mars kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:15:5d:22:d0:19:00:d0:00:d9:c4:00:08:00 SRC=77.204.46.196 DST=205.236.34.158 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=6104 DF PROTO=TCP SPT=55993 DPT=5384 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 2 15:04:12 mars kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:15:5d:22:d0:19:00:d0:00:d9:c4:00:08:00 SRC=77.204.46.196 DST=205.236.34.158 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=35723 DF PROTO=TCP SPT=55993 DPT=5384 WINDOW=65535 RES=0x00 SYN URGP=0
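
An added example, not part of any post in this thread: a triage script that groups the blocked SYNs from an lfd "Sample of block hits" section by source and separates repeated retries to one or two high ports (the pattern in both logs posted here) from a sweep across many ports. The names `triage` and `SCAN_PORTS`, the threshold value and the 203.0.113.9 lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Matches the kernel lines lfd quotes under "Sample of block hits".
HIT = re.compile(r"\*TCP_IN Blocked\*.*?SRC=(\S+).*?SPT=(\d+) DPT=(\d+).*?\bSYN\b")
SCAN_PORTS = 5  # assumed threshold for "many distinct ports"; tune locally

def _line(ts, src, spt, dpt):
    # Abridged form of the thread's log line (MAC, LEN, TTL, ID fields dropped).
    return (f"Jan  5 {ts} srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= "
            f"SRC={src} DST=63.143.32.72 PROTO=TCP SPT={spt} DPT={dpt} SYN URGP=0")

# The first six hits use the SRC/SPT/DPT values from the first post; the
# 203.0.113.9 hits are constructed to show what a sweep looks like.
SAMPLE = "\n".join(
    [_line(t, "187.65.106.56", 57957, 32672) for t in ("19:02:30", "19:02:33", "19:02:39")]
    + [_line(t, "187.65.106.56", 58041, 55416) for t in ("19:02:55", "19:02:57", "19:03:04")]
    + [_line("19:05:00", "203.0.113.9", 40000 + p, p) for p in (21, 22, 23, 25, 80, 3306)]
)

def triage(log_text):
    """Summarise blocked SYNs per source and label the pattern."""
    flows = defaultdict(lambda: defaultdict(int))  # src -> (spt, dpt) -> hits
    for line in log_text.splitlines():
        m = HIT.search(line)
        if m:
            flows[m.group(1)][(int(m.group(2)), int(m.group(3)))] += 1
    report = {}
    for src, seen in flows.items():
        hits = sum(seen.values())
        ports = sorted({dpt for _, dpt in seen})
        retransmits = hits - len(seen)  # same SPT->DPT again = TCP SYN retry
        if len(ports) >= SCAN_PORTS:
            verdict = "scan-like"
        elif retransmits and min(ports) >= 1024:
            verdict = "retried-connection"  # e.g. a blocked FTP data channel
        else:
            verdict = "inconclusive"
        report[src] = {"hits": hits, "ports": ports,
                       "retransmits": retransmits, "verdict": verdict}
    return report

if __name__ == "__main__":
    for src, row in triage(SAMPLE).items():
        print(src, row)
```

The verdict is a heuristic for deciding which blocks to look at first, not proof of intent; six hits from the first post collapse to two client connections retried three times each.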