[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Portscan message

Subject: Re: [cobalt-users] Portscan message
From: "Dave~" <cobaltraq4@xxxxxxx>
Date: Tue Aug 13 21:10:00 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

----- Original Message -----
Subject: [cobalt-users] Portscan message


> -A possible port scan of your computer has been detected. Your computer has
> -rejected multiple connection attempts from the same source. The following
> -line describes the IP packet that rejected the latest attempt:
>
> My question is, now that portscanner has done it's job very well, does
> portscanner now place the offender into a file to block them from possible
> future 'attacks' or do I need to add them to something like 'hosts.deny'. I
> check the archives some and Google but I may have missed the answer.

Going by memory (dangerous) but all info needed to answer this question has
been discussed here a few times- so rather than me looking it up...

Assuming this is from the new hardening patch, I believe the block is only
good for 5 minutes.  For continual offenders goto the GUI, Control Panel,
click on parameters next to 'scan detection'.  There are windows to add repeat
offenders, as well as, add IP addys NEVER to block- like your own.  I wouldn't
bother much with the AOhell thing though as all one has todo there is hang up
and dial again- new IP/addy so it's futile.   hosts.deny is something you
should start to learn and understand and has also been discussed in the
archives.

FWIW,

Dave~

References:
- [cobalt-users] Portscan message
  - From: Bob G7

Prev by Date: RE: [cobalt-users] set date
Next by Date: RE: [cobalt-users] MX Problem Configuration Error
Previous by thread: [cobalt-users] Portscan message
Next by thread: RE: [cobalt-users] Portscan message

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index