[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Portscan Question



on 9/23/02 1:01 PM, Bob G7 stated:

> eth0:portscan: tcp xx.xx.xx.xx/27374 -> 211.230.113.64/3656 40 rst (21)
> 
> Question is, were they trying to scan port 27374? Phoenix.log shows the
> attempt, but where do I add this to block them from trying again.

You can add them to your /etc/hosts.deny file with

ALL: 211.230.113.64

I would recommend grabbing the security files from Gerald's site. We get the
alerts via email and they are automagically added to the hosts.deny and
another file.
-- 
Thanks!!
Dave Thurman
The Web Presence Group / www.webpresencegroup.net
Listonly <at> webpresencegroup.net / Spam Block 8^Q