[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] RaQ4 - Help with Portsentry on Cobalt RaQ4r

Subject: Re: [cobalt-users] RaQ4 - Help with Portsentry on Cobalt RaQ4r
From: "Gerald Waugh" <gerald@xxxxxxxxx>
Date: Tue Feb 20 17:10:59 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

"tony simpson" <tonysimpson123@xxxxxxxxxxx>    wrote
> I'm having some problems setting up Logcheck and Portsentry on my Cobalt
> RaQ4r.  The following log is emailed to me:
>
>
> Feb 20 10:06:06 www portsentry[15570]: attackalert: Connect from host:
> 192.168.1.1/192.168.1.1 to UDP port: 69
> Feb 20 10:06:06 www portsentry[15570]: attackalert: Host: 192.168.1.1 is
> already blocked. Ignoring
> Feb 20 10:06:10 www portsentry[15570]: attackalert: Connect from host:
> 192.168.1.1/192.168.1.1 to UDP port: 69
> Feb 20 10:06:10 www portsentry[15570]: attackalert: Host: 192.168.1.1 is
> already blocked. Ignoring
>
The port is tftp.

Which may be used by some computers to boot up. Unlikely that you have any
units
on your LAN that need a tftp server.

The IP address is a local IP, which probably means you have local network
computer
at 192.168.1. 1 that is connected to your LAN, these local network computers
should
not be connected to eth1 on your server. Or do you have your eth0 listening
to 192.168.1.1?

If your local lan is the source, the IP address for one thing should be
masqueraded.

Gerald

References:
- [cobalt-users] RaQ4 - Help with Portsentry on Cobalt RaQ4r
  - From: tony simpson

Prev by Date: RE: [cobalt-users] Purple? I prefered it blue - [was -Raq2 email DOS issue ]
Next by Date: RE: [cobalt-users] .TV
Previous by thread: Re: [cobalt-users] ownership problems
Next by thread: Re: [cobalt-users] RaQ4 - Help with Portsentry on Cobalt RaQ4r

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index