port 993, is necesary to open it?

Hello, I had a problem with the server today and noticed some kind of denial of service over port 993

I checked #netstat -plan |grep 'ESTABL' and got a lot of unusual connections to port 993

Quote:

tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.85.208:46994 ESTABLISHED 15651/couriertls
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:216.9.248.227:48347 ESTABLISHED 16028/couriertls
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.80.203:52212 ESTABLISHED 15538/couriertls
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:216.9.249.32:56477 ESTABLISHED 15662/couriertls
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.81.144:45997 ESTABLISHED 15539/couriertls
tcp 0 24 ::ffff:74.86.xx.xx:110 ::ffff:189.140.157.14:49711 ESTABLISHED 17716/pop3login
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.72.137:38034 ESTABLISHED 15524/couriertls
tcp 0 0 ::ffff:74.86.xx.xx:143 ::ffff:67.223.69.136:43164 ESTABLISHED 15489/imapd
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.73.38:37825 ESTABLISHED 15521/couriertls
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.80.153:56221 ESTABLISHED 15589/couriertls
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.72.127:35437 ESTABLISHED 13088/couriertls
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.76.59:47411 ESTABLISHED 15565/couriertls
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.76.59:47412 ESTABLISHED 15575/couriertls
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.84.83:39503 ESTABLISHED 15540/couriertls
tcp 0 0 ::ffff:74.86.xx.xx:143 ::ffff:206.53.151.114:34679 ESTABLISHED 15599/imapd
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.80.81:49257 ESTABLISHED 15506/couriertls
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.72.91:54139 ESTABLISHED 15743/couriertls
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.73.192:52082 ESTABLISHED 15556/couriertls
tcp 0 62780 ::ffff:74.86.xx.xx:110 ::ffff:190.146.241.13:60367 ESTABLISHED 15531/pop3d
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.80.175:52519 ESTABLISHED 15522/couriertls
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.69.210:34372 ESTABLISHED 13197/couriertls
tcp 0 0 ::ffff:74.86.xx.xx:143 ::ffff:201.245.237.188:1194 ESTABLISHED 15171/imapd
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.68.112:33763 ESTABLISHED 15571/couriertls
tcp 0 756 ::ffff:74.86.xx.xx:2382 ::ffff:201.244.171.79:65047 ESTABLISHED 4358/1
tcp 0 16 ::ffff:74.86.xx.xx:110 ::ffff:190.24.138.106:1783 ESTABLISHED -
tcp 0 0 ::ffff:74.86.xx.xx:2382 ::ffff:201.244.171.79:65054 ESTABLISHED 5086/2
tcp 0 6440 ::ffff:74.86.xx.xx:2382 ::ffff:201.244.171.79:65031 ESTABLISHED 3347/0
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.86.16:39051 ESTABLISHED 15584/couriertls
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.81.57:45462 ESTABLISHED 15580/couriertls
tcp 0 0 ::ffff:74.86.xx.xx:143 ::ffff:67.223.85.151:36816 ESTABLISHED 15498/imapd
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.69.97:60879 ESTABLISHED 15652/couriertls
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.84.84:60351 ESTABLISHED 15650/couriertls
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.68.246:54552 ESTABLISHED 15593/couriertls
tcp 0 4104 ::ffff:74.86.xx.xx:2382 ::ffff:201.244.171.79:65177 ESTABLISHED 10010/3
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:206.53.150.158:43354 ESTABLISHED 15653/couriertls
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.73.199:49203 ESTABLISHED 15520/couriertls
tcp 0 23 ::ffff:74.86.xx.xx:110 ::ffff:190.232.71.107:12910 ESTABLISHED -
tcp 0 37960 ::ffff:74.86.xx.xx:110 ::ffff:190.24.150.12:49468 ESTABLISHED 17540/pop3d
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:216.9.249.161:48925 ESTABLISHED 15555/couriertls
tcp 0 0 ::ffff:74.86.xx.xx:143 ::ffff:67.223.81.67:60543 ESTABLISHED 15490/imapd
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.68.62:60437 ESTABLISHED 15541/couriertls
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.73.209:44303 ESTABLISHED 15510/couriertls
tcp 0 0 ::ffff:74.86.13.173:993 ::ffff:67.223.77.130:36187 ESTABLISHED 15507/couriertls
tcp 0 42340 ::ffff:74.86.xx.xx:995 ::ffff:198.228.90.116:50958 ESTABLISHED 16206/couriertls
tcp 0 24 ::ffff:74.86.xx.xx:110 ::ffff:200.13.220.228:49933 ESTABLISHED -
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.78.60:46455 ESTABLISHED 14569/couriertls
tcp 0 2230 ::ffff:74.86.xx.xx:110 ::ffff:189.178.32.60:33396 ESTABLISHED 14262/pop3d
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:216.9.249.197:54553 ESTABLISHED 15496/couriertls
tcp 0 933 ::ffff:74.86.xx.xx:995 ::ffff:200.37.161.41:55934 ESTABLISHED 17058/couriertls
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:216.9.249.197:54552 ESTABLISHED 15493/couriertls
tcp 0 0 ::ffff:74.86.xx.xx:143 ::ffff:67.223.74.36:36683 ESTABLISHED 15501/imapd
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.69.189:49707 ESTABLISHED 16373/couriertls
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.72.4:48227 ESTABLISHED 16435/couriertls
tcp 0 0 ::ffff:74.86.xx.xx:993 ::ffff:67.223.68.4:11370 ESTABLISHED 15577/couriertls

Closing port 993 solved the problem and load dropped down.

I traced some of those IPs and they resolve to blackberry.net

Quote:

67.223.80.203 CANADA ONTARIO WATERLOO 43.467
-80.533 - -05:00
Net Speed ISP Domain
- RESEARCH IN MOTION INC BLACKBERRY.NET

I am not sure why this port is required to be open, my customers still doesn't complain about something wrong with the service.

This entry was posted on Friday, October 10th, 2008 at 6:31 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.

My ‘56 Chevy

port 993, is necesary to open it?