[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] Help with Port 69 & Portsentry / Logcheck
- Subject: [cobalt-users] Help with Port 69 & Portsentry / Logcheck
- From: "tony simpson" <tonysimpson123@xxxxxxxxxxx>
- Date: Wed Feb 21 19:07:58 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
<sorry about the accidental double-post - if it did>
Hi,
I really need some help with Portsentry & Logcheck on my cobalt RaQ4r.
I've got them both installed as the instructions say and I think that I
understand what is going on quite well. However, Logcheck is emailing me,
telling me the following:-
Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Feb 19 09:04:37 www portsentry[15570]: attackalert: Connect from host:
192.168.1.1/192.168.1.1 to UDP port: 69
Feb 19 09:04:37 www portsentry[15570]: attackalert: Host: 192.168.1.1 is
already blocked. Ignoring
Feb 19 09:04:41 www portsentry[15570]: attackalert: Connect from host:
192.168.1.1/192.168.1.1 to UDP port: 69
Feb 19 09:04:41 www portsentry[15570]: attackalert: Host: 192.168.1.1 is
already blocked. Ignoring
Feb 19 09:04:46 www portsentry[15570]: attackalert: Connect from host:
192.168.1.1/192.168.1.1 to UDP port: 69
..and it continues every 5 seconds or so. So, there is a UDP-thing
happening on port 69 every
Also I've noticed the following happening in the maillog (this is the top of
it):-
Feb 19 04:15:02 www imapd[25175]: imap service init from 127.0.0.1
Feb 19 04:15:02 www imapd[25175]: Logout user=??? host=localhost [127.0.0.1]
Feb 19 04:15:03 www sendmail[25177]: NOQUEUE: localhost [127.0.0.1] did not
issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Feb 19 04:30:01 www imapd[25762]: imap service init from 127.0.0.1
Feb 19 04:30:01 www imapd[25762]: Logout user=??? host=localhost [127.0.0.1]
Feb 19 04:30:02 www sendmail[25764]: NOQUEUE: localhost [127.0.0.1] did not
issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Feb 19 04:45:02 www imapd[26347]: imap service init from 127.0.0.1
Feb 19 04:45:02 www imapd[26347]: Logout user=??? host=localhost [127.0.0.1]
Feb 19 04:45:03 www sendmail[26349]: NOQUEUE: localhost [127.0.0.1] did not
issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Feb 19 05:00:02 www imapd[26934]: imap service init from 127.0.0.1
This seems to be every 15 minutes now, but only started at the above time -
when I wasn't doing anything - I was asleep!
Can anyone offer me any help with the email problem or the Portsentry
problem - or at least explain what is going on?
Many thanks
Tony
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.