[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Netstat Report Question: portsentry???
- Subject: Re: [cobalt-users] Netstat Report Question: portsentry???
- From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
- Date: Sun Apr 22 05:05:06 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
"Wayne Sagar" <wsagar@xxxxxxxx> wrote:
> When watching a series of netstat reports (netstat -c) I notice some
> interesting connects, or attempts.
>
> It seems that the search engines are having a hard time connecting, as
well
> as proxy servers.. below are a couple of examples of what I'm seeing (my
> server name changed to protect the innocent)
>
> tcp 0 0 www.mine.co:www proxy1-external.o:26749 TIME_WAIT
>
> tcp 0 0 www.mine.co:www j200.inktomi.com:34274 TIME_WAIT
>
> In fact, if I sit there long enough I never see any ESTABLISHED message
> from these two types of connects. It does not seem to be be a connectivity
> problem, other connects are quite fast in going from TIME_WAIT to
ESTABILSHED
The meaning of the different states isn't my forte, but...
> Could this be something going on with portsentry? I don't see any connects
> from the IP's in the hosts.deny or logcheck report (which is mostly full
of
> attempts at port 137)
If the IPs aren't listed in hosts.deny then it has nothing to do with
portsentry. Besides, IPs only get added to hosts.deny if a machine on that
IP tries to connect to a port that you're not running services on (or
mutiple ports depending how you have portsentry setup). The search engines
would be connecting to port 80 (and probably only port 80), which should be
a port that you normally have a service running on. ;-)
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/