On 3/28/08, Ric <lists@xxxxxxxxxxx> wrote: > > On Mar 28, 2008, at 12:35 AM, kk CHN wrote: > > > On 3/28/08, Ric <lists@xxxxxxxxxxx> wrote: > > >> What then is on ports 65287 and 64313 on your server? > > > > www python2.4 44496 20 tcp4 my_Serverbox_public_IPAddress > > :65287 164.115.5.2:80 > > > > Here the pid 44496 I greped > > > > $ ps -aux|grep 44496 > > www 44496 0.0 21.3 445368 442940 ?? S Thu11AM 203:49.39 > > /usr/local/bin/python2.4 /usr/local/www/Zope28/lib/python/Zope > > > > its conecting to the zope process : So it means some thing going > > wrong with my machine? that foreign ip has access through some holes > > of my plone/zope application right? > > > > Someone connecting to the Zope server doesn't necessarily mean there > is a "hole". Why don't you take a look at your Zope logs and see what > that IP is doing. > > In any case, closing off ports to outside access is trivial. Either > throw up a firewall or configure Zope to bind only to 127.0.0.1. > I added a ipfw rule like this ipfw add deny tcp from 164.115.5.0/24 to me in my ipfw_firewall script and restarted the firewall sevice , but still the same ip is able to make connection as follows why this happens ? storm# sockstat -4p 80 USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS www python2.4 79874 11 tcp4 my_ipaddress :57060 164.115.5.2:80 www python2.4 79874 17 tcp4 my_ipaddress :64305 164.115.5.2:80 www httpd 73932 3 tcp4 127.0.0.1:80 *:* www httpd 849 3 tcp4 127.0.0.1:80 *:*
