RE: [cobalt-users] Portscan message

["Joseph A. Hurdt" <lists@xxxxxxxxxxxxxxxxxxxxxxx>]

I assume that you have installed the Security Hardening Update 2.0.1,
which would explain why you are receiving this message.  The Security
Hardening Update includes modifications to the Cobalt Admin GUI and you
can go to 'Control Panel' and then click on the 'Parameters' for 'Scan
Detection'.  There you can have the RaQ 'Log & Block' in the drop-down
menu.

If you need more information, see the full instruction manual for the
Update at
http://www.sun.com/hardware/serverappliances/pdfs/support/RaQ_4_SHP_UG.p
df.


Best Wishes,
~jh


-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx] On Behalf Of Bob G7
Sent: Tuesday, August 13, 2002 6:25 AM
To: Cobalt-Users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] Portscan message


I got the following message this morning from my RaQ4, all
patches/updates:

-A possible port scan of your computer has been detected. Your computer
has -rejected multiple connection attempts from the same source. The
following -line describes the IP packet that rejected the latest
attempt:

-eth0:portscan: tcp xx.xx.xx.xx/27374 -> 172.132.45.13/1145 40 rst (16)

Ping Plotter says the offender is AC89D0D.ipt.aol.com

My question is, now that portscanner has done it's job very well, does
portscanner now place the offender into a file to block them from
possible future 'attacks' or do I need to add them to something like
'hosts.deny'. I check the archives some and Google but I may have missed
the answer.

Thanks in advance.


_____________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users