RE: [cobalt-users] Portsentry & Hack Attempt
- Subject: RE: [cobalt-users] Portsentry & Hack Attempt
- From: "Nick Clewer" <nickc@xxxxxxxxxxxxxx>
- Date: Sun Mar 4 22:34:00 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Ring and ask! :)
> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Steve Buza
> Sent: Monday, 5 March 2001 15:25
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: [cobalt-users] Portsentry & Hack Attempt
>
>
> Hi,
>
> Sorry, this is a bit long, but what does the following log entry tell you?
> nnn.nnn.nnn.nnn is of course the same IP address for each of the entries in
> the Portsentry log. Add to this that this IP address is actually one of
> mine. It is in my dialup modem pool. And, I have a RADIUS log that shows a
> specific user logging in on this IP address at 11:26:04 and logging out at
> 11:45:15.
>
> What should I do about/with this information? Should I just disable the
> account? Should I report it to someone, and if so, who?
>
> Mar 3 11:26:44 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 1
> Mar 3 11:26:44 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 11
> Mar 3 11:26:44 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 1
> Mar 3 11:26:44 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 15
> Mar 3 11:26:45 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 11
> Mar 3 11:26:45 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 1
> Mar 3 11:26:45 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 15
> Mar 3 11:26:45 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 11
> Mar 3 11:26:45 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 1
> Mar 3 11:26:46 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 15
> Mar 3 11:26:46 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 11
> Mar 3 11:26:46 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 15
> Mar 3 11:26:48 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 79
> Mar 3 11:26:49 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 79
> Mar 3 11:26:49 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 79
> Mar 3 11:26:50 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 111
> Mar 3 11:26:50 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 79
> Mar 3 11:26:50 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 111
> Mar 3 11:26:51 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 119
> Mar 3 11:26:51 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 111
> Mar 3 11:26:51 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 119
> Mar 3 11:26:53 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 111
> Mar 3 11:26:53 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 119
> Mar 3 11:26:53 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 143
> Mar 3 11:26:53 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 119
> Mar 3 11:26:53 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 143
> Mar 3 11:26:54 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 143
> Mar 3 11:26:54 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 143
> Mar 3 11:27:15 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 540
> Mar 3 11:27:15 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 540
> Mar 3 11:27:15 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 540
> Mar 3 11:27:16 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 540
> Mar 3 11:27:20 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 635
> Mar 3 11:27:20 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 635
> Mar 3 11:27:21 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 635
> Mar 3 11:27:22 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 635
> Mar 3 11:27:45 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 1080
> Mar 3 11:27:45 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 1080
> Mar 3 11:27:46 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 1080
> Mar 3 11:27:46 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 1080
>
> Steve
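Added example, not part of the original thread or of Portsentry itself: a small Python script that condenses alerts in the quoted log format into one summary per source host and checks whether the whole scan falls inside a RADIUS session window. The sample log is constructed, 192.0.2.10 stands in for the masked address, the year is assumed, and the two systems' clocks are assumed to be in sync.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the log format quoted above; 192.0.2.10 is a
# documentation address standing in for the masked nnn.nnn.nnn.nnn.
SAMPLE_LOG = """\
> Mar 3 11:26:44 SYN/Normal scan from host: 192.0.2.10 to TCP port: 1
> Mar 3 11:26:44 SYN/Normal scan from host: 192.0.2.10 to TCP port: 11
> Mar 3 11:26:48 SYN/Normal scan from host: 192.0.2.10 to TCP port: 79
> Mar 3 11:26:50 SYN/Normal scan from host: 192.0.2.10 to TCP port: 111
> Mar 3 11:26:50 SYN/Normal scan from host: 192.0.2.10 to TCP port: 79
> Mar 3 11:27:46 SYN/Normal scan from host: 192.0.2.10 to TCP
> port: 1080
"""
LINE_RE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+ scan from host: "
                     r"(\S+) to (?:TCP|UDP) port: (\d+)$")

def unwrap(log_text):
    """Strip '> ' quoting and rejoin entries a mail client wrapped before 'port:'."""
    out = []
    for raw in log_text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        if line.startswith("port:") and out:
            out[-1] += " " + line
        elif line:
            out.append(line)
    return out

def parse_ts(text, year):
    # Syslog-style timestamps omit the year, so the caller supplies it.
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def summarize(log_text, year=2001):
    """Per source host: first/last alert time, alert count, distinct ports."""
    seen = defaultdict(lambda: {"times": [], "ports": set()})
    for line in unwrap(log_text):
        m = LINE_RE.match(line)
        if m:
            seen[m.group(2)]["times"].append(parse_ts(m.group(1), year))
            seen[m.group(2)]["ports"].add(int(m.group(3)))
    return {host: {"first": min(d["times"]), "last": max(d["times"]),
                   "hits": len(d["times"]), "ports": sorted(d["ports"])}
            for host, d in seen.items()}

def within_session(entry, login, logout):
    """True when every alert from the host falls inside the RADIUS session."""
    return login <= entry["first"] and entry["last"] <= logout

if __name__ == "__main__":
    # Session times are the ones given in the post; the year is an assumption.
    login, logout = parse_ts("Mar 3 11:26:04", 2001), parse_ts("Mar 3 11:45:15", 2001)
    for host, e in summarize(SAMPLE_LOG).items():
        print(host, e["hits"], "alerts, ports", e["ports"],
              "inside session:", within_session(e, login, logout))
```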