I got a notification from my kaspersky antivirus on my windows 10 (which is always on)
Apparently, there was a port scan and it was blocked.
User: NT AUTHORITY\SYSTEM
User type: System user
Component: Network Attack Blocker
Result description: Blocked
Name: Scan.Generic.PortScan.TCP
Object: TCP from 104.152.52.xxx at 192.168.0.10:1701
Additional: 192.168.0.10
Databases release date: Yesterday, 1/19/2022 12:34:00 PM
192.168.0.10 is a virtual machine running debian; I have UFW on this debian and port 1701 is not in any UFW rules. (so it's not allowed)
I have done a grep on the ports of the debian VM using: sudo netstat -tulpn | grep 1701 Found nothing
I assume the port scan has been done on all the machines in my network?
How can I find out where the scan comes from?
What are the consequences? What should I do next?
So from what i understand of what you published, 104.152.52.xxx made a scan. What's odd is how could he effectively reach your machine at 192.168.0.10, so i believe you have port forwarding enabled on your router. *-{see edit}
I also assume that the IP address of your VM is bind directly to your home network 192.168.0.0\24 (and not in a sub network on Windows 10). So your router should be accessible at 192.168.0.1 (or 192.168.0.254 sometimes)
Consequences of a scan ?
most likely, none, except if you have some port opens, kaspersky blocked the 1701, but probably other ports have been scanned. So verify the configuration of your router
Is it normal ?
Yes. Every device accessible from internet is constantly scanned. Always.
What to do next ?
Make sure no port-forwarding is enabled on your router
If port forwarding is enable, and needed. Make sure the software behind it is secured and up to date. if you have a password access, the password should be strong. If you have an SSH server, deactivate the authentication by password and activate the authentication by public key.
== EDIT ==
Other possibility than port forwarding and seems to be the answer:
If the VM is in a DMZ, then all unassigned ports on the router may be (depends on the router) redirected to the VM, therefore, a scan on the public ip address, would result on a scan on the VM.
Related
I have two Azure VMs I set up to test a program I made. The program is to be run on both VMs, where synchronous operations are performed, requiring the VMs to communicate with eachother on different ports using TCP protocols. To access my Azure VMs, I SSH'd into them on port 22 using Putty on my local machine. The VMs are on the same subnet, and I am trying to get them to communicate with eachother via their public IP. I have set up both VMs inbound rules to accept messages from eachother on any port, using any protocol here is an example of this.
During the execution of my program, I encounter the following error "Unable to connect to remote host: Connection refused". After this, I did some investigating. First, I had both VMs ping eachother, which they successfully did. Then, on both VMs, I ran the command "telnet other.ip 22", where other.ip is the other VMs public IP. This seems to work, as seen in this image. When I run "telnet other.ip 6000", or any other port besides 22 for that matter, I get the same error of "Unable to connect to remote host: Connection refused". My rational is that if I can get the "telnet" command running on any port, that my program will likely work too.
I am not too sure what my issue could be at this point, and my internet searches have not helped me. I doubt there is an issue of a port being backlogged with communication requests given my current inbound rules. Also, I did try to change my inbound rules so that my VMs would receive messages on any port, using any protocol, from any source, which resulted in the same error (I then changed it back from 'any source' to only my other VMs public IP for security purposes).
According to your description, you may check two points:
If there is any firewall inside the VM that is blocking the connection from the external network with port 6000. For example, if you are using Ubuntu VM, you can refer to How to Set Up a Firewall with UFW on Ubuntu 18.04. Then disable the firewall with the command sudo ufw disable or add a firewall rule to verify this.
Run the command on Linux to see open ports. sudo netstat -tulpn | grep LISTEN. You should see port 6000 in the output. If not, it might mean that your program is not started well.
Let me know if you have any concerns.
Check your firewall rules. If your organization tent to use firewall then add port 6000 in inbound and outbound chain.
you can connect the remote host with port number only when it is in listening state.
sudo netstat -tulpn | grep LISTEN.
local connection
Nmap scan of public ip address
Open Port Check Tool result
Virtual server configuration
I have a linux machine on a dekstop with arch linux installed that I use as a server running Apache2 (it works perfectly fine locally), and I want to use port forwarding to access it from the public ip address.
I tried using the router's virtual server service, so I redirected my local to port 2112 of my public ip address, I already used http://www.portchecktool.com/ to scan the port, and it says that the port is open whenever I enable it (I tried changing the port number many times, 443, 22, 5555...). But when I try to connect, it says 'Unable to connect'.
(Even thought the port scanner tool says the port is open on my public ip, when I scan my router's port with nmap it says it's closed)
I know I didn't provide many details, but is there something that I'm missing ?
EDIT:
It seems that the problem only occurs locally, which is why the nmap and port checker results are different, I asked a friend of mine to connect to my public ip address on port 2112, and he told me that it's working fine, and that he could see the page, why does this problem occur ? Why can I access it from outside LAN but not from the inside ?
There are a few parts to this answer:
To keep it simple I am going to assume a few things as you did not specify too many things.
What you have
Ubuntu Server VM running on your Windows machine
What you are trying to do
Connect to the VM (running Apache2) to view a website on the server via your public IP
If either of these are incorrect let me know
Ensure you first have port-fording setup on your main router to go to your Windows machine local IP. Open the correct port that your Appache2 server is running on.
Ensure you have opened the correct port on your windows machine firewall to allow that inbound traffic
Change the network settings for your VM to bridge the connection
Does host's hosts file influence routing of requests from inside virtual box VM?
I.e. if I will add something to host's hosts file will the request be routed properly from the virtual box.
I guess that, if I am running image networking in NAT mode, it should work. How exactly does the hosts file resolution work? How is the hosts file DNS resolution hooked to the network interface?
If you're running Nat in VirtualBox you'll need to port forward to the guest internal ip. Usually, for Nat but not always, your virtual system guest will be on 10.0.2.15. You can check this with ipconfig and modify accordingly. On the Virtualbox main interface goto File/Preferences and select Network. Add a new Network (Network card icon with plus), by default called NatNetwork. Make sure the checkbox is on. Click on edit (the screwdriver icon) and select Port Forwarding. Fill in the six boxes on the Port Forwarding Rules dialog. For example, let us assume you have installed Webmin on a Virtual Server, with ssl.
I would suggest for Webmin:
Name: Webmin,
Protocol: TCP,
Host IP: 127.0.0.1,
Host Port: 2525,
Guest IP: 10.0.2.15,
Guest Port: 10000.
Finally, click OK on all dialogs back to the main interface. Back at Virtualbox main interface goto Network and change the Attached to: from Nat to NatNetwork and click OK.
Goto your browser and put https://localhost:2525 and the Webmin login dialog will come up.
For SSH access from a host terminal, assuming you have installed OpenSSH server, it would be similar.
Name: ssh,
Protocol: TCP,
Host IP: 127.0.0.1,
Host Port: 2222,
Guest IP: 10.0.2.15,
Guest Port: 22.
At the host terminal prompt: sudo shh -p 2222 YourAdminGuestName#127.0.0.1
The Host Port numbers can be any port not used. The ones I've used in the above examples I've chosen at random and work on my machine. Guest Port numbers are real allocated port numbers.
I have my beaglebone black running stock Angstrom Linux and is connected to ethernet at my home. I can login from any PC connected to my home network using SSH. I would like to know how can I login from another network, say I am at my office and I am connected to internet. I want to login into my beaglebone black which is connected to internet at my Home. How can I do this?
Thanks in Advance
You have a public IP address, that is given to you by your Internet operator. This public IP however will be different than the IP of your Beagle in your local network.
To login to your Beagle from the Internet, you need to connect to your public IP address, and need to add port forwarding to your router, so that port 22, which is the socket port that is used by ssh, is forwarded from your public IP to your local IP.
So, you need to login to your router management console, and go to "port forwarding" options, and select to forward TCP/IP connections to port 22 be forwarded to your Beagle IP. For this to work longer term, you should set static IP address to your Beagle, otherwise if your board stays offline for long time, the DHCP server on your router will probably assign different IP at some point, and the forwarding would need to be setup again.
There is a good guide on the static IP address setting in Beagle/Angstrom here: http://derekmolloy.ie/set-ip-address-to-be-static-on-the-beaglebone-black/
One more thing: Since your operator will also assign different public IP for you from time to time, you might want to have some kind of Dynamic DNS service in use. With this kind of service, you can create your "custom" DNS address (for example user3180454.no-ip.com), that will always point to your Public IP address to which you can create ssh connection (the service will require some method to keep this IP address up to date, you will see instructions on how to do it from the service you use).
Couple services like this:
http://no-ip.com/
http://freedns.afraid.org/
You might also want to try out the Weaved connection service installer for BeagleBone Black. I'm using it to connect:
SSH on port 22
BBB web server on port 80
tightVNC server on port 5901
Shell in a Box on port 4200
Apache web server on port 8080
See:
https://developer.weaved.com/portal/members/betabeagle.php
If you are:
Connecting to from a BeagleBoard via USB Ethernet
from Mac Air running Mavericks & connected to web via Wifi
I found this very helpful:
http://makezine.com/2012/07/16/use-your-mac-laptop-as-a-wireless-proxy-for-raspberry-pi/
In short >> install/run a proxy server (with Squidman) & your life will be easier.
I know this is an old question. But I thought I'd suggest another option. I use TeamViewer (https://www.teamviewer.com) to connect to my work/home computers. You could use something like this to connect to your home computer from the office. Once connected to your home computer, you could then do whatever you need to do on your home network. No port forwarding required.
I'm using Samba and windbindd on my linux boxes. Without a firewall up on the linux box I have no trouble resolving LAN machine names:
user#laptop-linux:~$ ping desktop
PING desktop (192.168.1.100) 56(84) bytes of data.
64 bytes from 192.168.1.100: icmp_seq=1 ttl=128 time=0.878 ms
when I start the firewall I get:
user#laptop-linux:~$ ping desktop
ping: unknown host desktop
I have opened up the Samba ports (137-139 445) as well as the mDNS port 5353 with no effect. WINS has been enabled in nsswitch.conf and I've also tried removing the mdns4 entries for host lookup. I can see the DNS query going out regular DNS with my ISP domain suffix attached which is not what I want. I want to use wins / NetBIOS to do the work. Do I have allow some form of broadcast port? Can this be done while maintaining security? I want to have a firewall running on my laptop because I access open hotspots on a regular basis. Thanks
Sorry for necroing this post, but i had considerable trouble figuring this out, and hence am putting it up for anyone else who might run into it.
Basically you have to enable incoming packets (NB response packets) coming from port 137/udp of the responding system. In ubuntu 11.04, using ufw, this can be easily done as:
ufw allow proto udp from 192.168.1.0/24 port 137 to any
This assumes that your LAN is using the 192.168.1.0/24 ip range.