[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] Portsentry Queston Port 161

Subject: [cobalt-users] Portsentry Queston Port 161
From: Wayne Sagar <wsagar@xxxxxxxx>
Date: Wed Apr 11 20:27:05 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

I've got portsentry running and had a message from the log report that I'd
had a probe on the SNMP port 161... and it blocked them.. one problem, the
probe was from my server farm's IP block.. Could this be interpreted as a
possible "should have happened" query by the farm and their DNS service?
(Apr 12 03:06:02 www portsentry[529]: attackalert: Connect from host:
nat-151-100.lixxxxm.net/2xx.1xx.1xx.1xx to UDP port: 161 <xx's are my
edit>) Or should I assume that someone has a box in their system comprimised?

I did order an additional domain added to my virt list yesterday... Since
they handle the DNS for the box... do I need to leave this port open for
them? Or should I be asking this question of them (probably both here and
there would not hurt I guess)

Anyway... TIA..

Wayne Sagar

Follow-Ups:
- Re: [cobalt-users] Portsentry Queston Port 161
  - From: flash22

Prev by Date: Re: [cobalt-users] A Word About Cobaltracks.Com and Bandwidth Usage
Next by Date: Re: [cobalt-users] ssh RH 7 in RAQ 3
Previous by thread: RE: [cobalt-users] FP Extensions on RAQ4
Next by thread: Re: [cobalt-users] Portsentry Queston Port 161

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index