
Re: [cobalt-users] log/messages after Portsentry install



On Sat, 5 May 2001, Zarrir Junior wrote:
>     I have successfully installed Portsentry 1.0 on my Raq3. Some minutes
> later, this was logged:
> 
> : SYN/Normal scan from host: 213.154.148.60/213.154.148.60 to TCP port: 111
> May  4 23:57:39 ns portsentry[13837]: attackalert: Host 213.154.148.60 has
[etc etc]

>         Both on port 111. My question is: Are these false alarms or what?
> Some more minutes later, my server IP got included in the hosts.deny file as
> I started to have problems with SSL certificates when trying to log via

You have probably been getting poked at all along, but you never saw it
because you weren't looking; now you will see all the silly things that go
on on the net ;)

I get poked at 10-15 times a day lately... The port 111 scans are more or
less trivial, other than to tell you about what's going on... (and to
elucidate you as to just how many hosed machines are out there ;)

Getting your own IP address in the hosts.deny file means you didn't
configure portsentry properly; you are supposed to give it a list of
addresses it should always ignore. You also need to make sure it's
ignoring the SSL ports.

There is, I suppose, the small chance your machine is doing something evil
and happened to scan itself ;)

gsh
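
An added example, not part of the original message: a small audit of the two misconfigurations described in the reply above, namely the server's own addresses missing from the ignore list (and therefore ending up in hosts.deny) and a service port being watched by Portsentry. It assumes an ignore file with one address or address/bits per line, hosts.deny entries of the form `ALL: address`, a `TCP_PORTS="..."` line in portsentry.conf, and 443 as the SSL port; all addresses and file contents are constructed samples.

```python
import ipaddress
import re

def _entries(text):
    # Yield non-empty lines with '#' comments stripped.
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def parse_ignore(text):
    """Networks from a portsentry.ignore-style file: one IP or IP/bits per line."""
    nets = []
    for line in _entries(text):
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            pass  # skip anything that is not an IP literal
    return nets

def parse_denied(text):
    """IP literals from hosts.deny entries such as 'ALL: 192.0.2.10'."""
    denied = set()
    for line in _entries(text):
        for tok in line.partition(":")[2].replace(",", " ").split():
            try:
                denied.add(ipaddress.ip_address(tok))
            except ValueError:
                pass  # hostnames, wildcards, options
    return denied

def audit(own_addrs, ignore_text, deny_text, conf_text, service_ports):
    """Return (own IPs not ignored, own IPs denied, service ports being watched)."""
    own = [ipaddress.ip_address(a) for a in own_addrs]
    nets = parse_ignore(ignore_text)
    denied = parse_denied(deny_text)
    m = re.search(r'^\s*TCP_PORTS="([^"]*)"', conf_text, re.M)
    watched = {int(p) for p in m.group(1).split(",") if p.strip().isdigit()} if m else set()
    return ([str(a) for a in own if not any(a in n for n in nets)],
            [str(a) for a in own if a in denied],
            sorted(watched & set(service_ports)))

# Constructed sample data (documentation address ranges), not taken from the thread.
OWN = ["127.0.0.1", "192.0.2.10"]
IGNORE = "# always ignore\n127.0.0.1\n0.0.0.0\n"
DENY = "ALL: 198.51.100.7\nALL: 192.0.2.10\n"
CONF = 'TCP_PORTS="1,11,15,111,443,540"\n'

if __name__ == "__main__":
    print(audit(OWN, IGNORE, DENY, CONF, [443]))
```

On a real host, pass in the contents of the actual ignore file, hosts.deny and portsentry.conf, plus every address bound to the machine's interfaces.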