[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] Portsentry Help
- Subject: RE: [cobalt-users] Portsentry Help
- From: "John Cordeiro" <jcordeiro@xxxxxxxxxxxxxxx>
- Date: Thu Feb 15 12:37:05 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
yes if you have snmp enabled exclude that port. If you know the address is a
valid IP on your net you can ignore the IP range of your subnet but the you
risk sniffers and scanners being run internally.
John Cordeiro
-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Michael
Schumacher
Sent: Thursday, February 15, 2001 1:54 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] Portsentry Help
Is there a good source out there for portsentry help. I have installed it,
but need help tweaking the settings. Right now I am getting the following
for several people on our local network:
Feb 15 13:12:31 www portsentry[5401]: attackalert: UDP scan from host:
192.168.1.64/192.168.1.64 to UDP port: 161
I've checked on these machines and they are not doing anything unusual that
I can see. The machine that I am running portsentry on is our corporate web
server/e-commerce site and our mail server.
Any ideas? Would it be bad not to watch port 161? I think this is the SNMP
port.
TIA.
______________________________________________
FREE Personalized Email at Mail.com
Sign up at http://www.mail.com/?sr=signup
_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users