comcast, new IPs, and pounding on port 36457

Hi Folks,

I've got a linux router that's been performing badly recently.
named is timing out, my monitor script keeps restarting it, and
the logs a filling with blocked requests from all over the place
with TCP syn requests on port 36457. I looked it up on google,
and there are a bunch of links for CGIWrap (error|can't execute|etc.)
If I follow one of those links, the only thing I see is that its the
port number in the refering URL from google itself. Example:
Referring Page: http://www.google.com/search?sourcei...n&q=port+36457

Anyone know what this is about?

How can I get a new IP address from comcast? I tried brining down
my wan NIC and power cycling my cable modem, and deleted the dhclient
lease file, but that didn't work because the DHCP lease at comcast's
end won't expire for a couple of days. The live
support person was mostly clueless as expected. I can't really
leave the thing down for a week to expire the lease.

Any other ideas? Oh yeah, Its a RH 6.1 image, newer kernel, dual
NICs, etc.

Thx, Chris

--
Chris Richmond | I don't speak for Intel & vise versa

On Thu, 6 Jan 2005 21:28:39 +0000 (UTC), Chris Richmond - MD6-FDC ~ wrote:
> Hi Folks,
>
> I've got a linux router that's been performing badly recently.
> named is timing out,

Nothing should be taking named down and you should not have to be
restarting it. I thought there were security updates to named.
Do you have the lastest named.

I am running Mandrakelinux 10.1 on Comcast as a firewall/router and
have yet to see your problem.

I cannot remember when I have seen any traffic to speak of on port 36457.

Looking at traffic at
http://www.dshield.org//port_report.php?port=36457
http://isc.sans.org/port_details.php?port=36457
shows it is pretty light, traffic wise.

http://lists.gpick.com/portlist/lookup.asp?port=36457 does not have
any data either.

Now if it were me, I would create another empty ~4 gig partition and
install a new release like FC3 or another distribution, set firewall
rules, connect to cable modem, and see if the problem still exists
with the current setup and ip address.

As for changing ip address, you could try powering down cable modem and
system, swap nics, or insert a new nic to cable modem, bring up the
cable modem, wait for it to sync, then bring up your box.

--
The warranty and liability expired as you read this message.
If the above breaks your system, it's yours and you keep both pieces.
Practice safe computing. Backup the file before you change it.

Thanks for the pointers and suggestions. I've got another
box ready to go, sans a current install. Its got FC1?
That's probably the best way to go.

Chris

--
Chris Richmond | I don't speak for Intel & vise versa

On Thu, 6 Jan 2005 22:43:45 +0000 (UTC), Chris Richmond - MD6-FDC ~ wrote:
> Thanks for the pointers and suggestions. I've got another
> box ready to go, sans a current install. Its got FC1?
> That's probably the best way to go.

Why FC1, thought FC3 is the new and improved FC2.

In article <(E-Mail Removed)>,
Bit Twister <(E-Mail Removed)> writes:
>On Thu, 6 Jan 2005 22:43:45 +0000 (UTC), Chris Richmond - MD6-FDC ~ wrote:
>> Thanks for the pointers and suggestions. I've got another
>> box ready to go, sans a current install. Its got FC1?
>> That's probably the best way to go.
>
>Why FC1, thought FC3 is the new and improved FC2.

Sorry. It's got FC1 now. FC3 would be the "current install"
I need to do.

Chris

--
Chris Richmond | I don't speak for Intel & vise versa

On Fri, 7 Jan 2005 01:15:08 +0000 (UTC), Chris Richmond - MD6-FDC ~ wrote:

Forgot to mention, change all passwords on the new test box just
incase the other box was cracked.

Bit Twister wrote:
> On Thu, 6 Jan 2005 22:43:45 +0000 (UTC), Chris Richmond - MD6-FDC ~ wrote:
>
>>Thanks for the pointers and suggestions. I've got another
>>box ready to go, sans a current install. Its got FC1?
>>That's probably the best way to go.
>
>
> Why FC1, thought FC3 is the new and improved FC2.
>
Depends on how much you trust 2.6 kernels.

--
-bill davidsen ((E-Mail Removed))
"The secret to procrastination is to put things off until the
last possible moment - but no longer" -me