[cobalt-users] Portsentry/IPChains Log Entries
- Subject: [cobalt-users] Portsentry/IPChains Log Entries
- From: "Craig Napier" <craignapier@xxxxxxxxxxx>
- Date: Fri Feb 2 19:25:01 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Q: I've installed IPChains, Portsentry and Logcheck and have Portsentry
dropping into IPChains on scans. I'm trying to figure out how to have
Portsentry/IPChains ignore a certain IP range <the ignore files don't seem
to work>... It seems that another system that shares our network connection
keeps littering our logs with entries <from port 137/138>.. We've tried
everything possible to stop this logging as the logs easily reach 50 megs a
day... We're running portsentry on TCP in Stealth mode <-stcp>, and UDP in
Classic mode <-udp>.. We've also placed the IP block in question inside the
Portsentry "ignore" file, as well as told it to stop looking on port 137 for
UDP/TCP connections... But these darn entries still persist... Should I be
turning my attention towards IPChains, instead of focusing on Portsentry for
this noise?
Does anyone have any idea or suggestions? Any hint would be greatly
appreciated..
-Craig Napier
Feb 2 21:49:32 pandora kernel: Packet log: input DENY eth0 PROTO=17 xxx.xxx.66.231:137 xxx.xxx.66.255:137 L=78 S=0x00 I=17028 F=0x0000 T=128 (#9)
Feb 2 21:49:32 pandora kernel: Packet log: input DENY eth0 PROTO=17 xxx.xxx.66.231:138 xxx.xxx.66.255:138 L=256 S=0x00 I=17284 F=0x0000 T=128 (#9)
Feb 2 21:49:32 pandora kernel: Packet log: input DENY eth0 PROTO=17 xxx.xxx.66.205:137 xxx.xxx.66.255:137 L=78 S=0x00 I=420 F=0x0000 T=128 (#8)
Feb 2 21:49:32 pandora kernel: Packet log: input DENY eth0 PROTO=17 xxx.xxx.66.205:137 xxx.xxx.66.255:137 L=78 S=0x00 I=676 F=0x0000 T=128 (#8)
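
An added example, not part of the original post: a small Python parser for the kernel "Packet log:" lines quoted above. It tallies entries by chain, matching rule number (the trailing (#N) field), protocol and destination port, and by source, so the rule and hosts producing the volume can be identified. The sample input is the four entries from the post, unwrapped; the function names are hypothetical.

```python
import re
from collections import Counter

# Layout of an ipchains packet-log line as seen in the post:
#   Packet log: <chain> <target> <iface> PROTO=<n> <src>:<port> <dst>:<port>
#   L=<len> S=<tos> I=<id> F=<frag> T=<ttl> (#<rule number>)
# Octets are masked as "xxx" in the archive, so addresses are matched loosely.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\w.]+):(?P<sport>\d+) (?P<dst>[\w.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=0x[0-9A-Fa-f]+ I=\d+ F=0x[0-9A-Fa-f]+ T=\d+"
    r"(?:.*\(#(?P<rule>\d+)\))?"
)
INT_FIELDS = ("proto", "sport", "dport", "length", "rule")

# The four entries from the post, unwrapped to one line each.
SAMPLE = """\
Feb 2 21:49:32 pandora kernel: Packet log: input DENY eth0 PROTO=17 xxx.xxx.66.231:137 xxx.xxx.66.255:137 L=78 S=0x00 I=17028 F=0x0000 T=128 (#9)
Feb 2 21:49:32 pandora kernel: Packet log: input DENY eth0 PROTO=17 xxx.xxx.66.231:138 xxx.xxx.66.255:138 L=256 S=0x00 I=17284 F=0x0000 T=128 (#9)
Feb 2 21:49:32 pandora kernel: Packet log: input DENY eth0 PROTO=17 xxx.xxx.66.205:137 xxx.xxx.66.255:137 L=78 S=0x00 I=420 F=0x0000 T=128 (#8)
Feb 2 21:49:32 pandora kernel: Packet log: input DENY eth0 PROTO=17 xxx.xxx.66.205:137 xxx.xxx.66.255:137 L=78 S=0x00 I=676 F=0x0000 T=128 (#8)
"""

def parse_line(line):
    """Return the fields of one packet-log line as a dict, or None if it is not one."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in INT_FIELDS:
        if rec[key] is not None:  # the rule number may be absent
            rec[key] = int(rec[key])
    return rec

def summarize(lines):
    """Count entries per (chain, rule, proto, dport) and per source address."""
    by_rule, by_source = Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # other syslog lines, e.g. portsentry's own messages
        by_rule[(rec["chain"], rec["rule"], rec["proto"], rec["dport"])] += 1
        by_source[rec["src"]] += 1
    return by_rule, by_source

if __name__ == "__main__":
    by_rule, by_source = summarize(SAMPLE.splitlines())
    for (chain, rule, proto, dport), n in by_rule.most_common():
        print(f"{chain} rule #{rule} proto {proto} dport {dport}: {n} entries")
    for src, n in by_source.most_common():
        print(f"{src}: {n} entries")
```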