[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Hacking attempts on certain port what is thisused for?
- Subject: Re: [cobalt-users] Hacking attempts on certain port what is thisused for?
- From: "Carrie Bartkowiak" <ravencarrie@xxxxxxxx>
- Date: Wed Feb 21 22:04:54 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
I get a slightly different message on port 111, see below. ( a whois piped
out through sendmail I think?)
Been getting 3 or so of these each day (from different IPs).
Feb 21 21:35:54 www portsentry[1233]: attackalert: Connect from host:
willow.cc.uic.edu/128.248.155.163 to TCP port: 111
Feb 21 21:35:55 www portsentry[1233]: attackalert: External command run for
host: 128.248.155.163 using command: "/usr/local/bin/whois 128.248.155.163 |
mail -s "
Feb 21 21:35:55 www portsentry[1233]: attackalert: Host 128.248.155.163 has
been blocked via wrappers with string: "ALL: 128.248.155.163"
Feb 21 21:35:55 www portsentry[1233]: attackalert: Host 128.248.155.163 has
been blocked via dropped route using command: "/sbin/route add -host
128.248.155.163 reject"
Gotta love portsentry.
Now if I could just figure out how to *not* clear out the hosts.deny file
when I reboot, I'd be all set. ;)
CarrieB