
Re: [cobalt-users] Portsentry/IPChains Log Entries



> Q: I've installed IPChains, Portsentry and Logcheck and have Portsentry
> dropping into IPChains on scans. I'm trying to figure out how to have
> Portsentry/IPChains ignore a certain IP range <the ignore files don't seem
> to work>... It seems that another system that shares our network connection
> keeps littering our logs with entries <from port 137/138>.. We've tried
> everything possible to stop this logging as the logs easily reach 50 megs a
> day... We're running portsentry on TCP in Stealth mode <-stcp>, and UDP in
> Classic mode <-udp>.. We've also placed the IP block in question inside the
> Portsentry "ignore" file, as well as told it to stop looking on port 137 for
> UDP/TCP connections... But these darn entries still persist... Should I be
> turning my attention towards IPChains, instead of focusing on Portsentry for
> this noise?
>
> Does anyone have any idea or suggestions? Any hint would be greatly
> appreciated..
>

Whack them~!!!!
If someone was hitting my box with that much stuff I'd take them off the net.
Find them and make them stop....

Zeffie