On 2001.12.20 19:33 Pollywog wrote:
On 2001.12.20 19:04 [EMAIL PROTECTED] wrote:
What does this warning mean and what is causing it?
> Dec 20 12:02:10 tc portsentry[540]: attackalert: Possible stealth scan
> from unknown host to TCP port: 111 (accept failed)
I get it when I run a 2.4 kernel but not when I run a 2.2 kernel so I
believe it's something internal to my system. There are hundreds of them
every hour.
That appears to be Portmapper. If you are not using it, disable it or
remove it. Otherwise go into your Portsentry config and remove port
111 from the list of ports Portsentry monitors.
Instead of removing the port from the list of ports being watched, you can
also add the host to portsentry.ignore if you think that best.
In mine, I have:
# IPs from /etc/portsentry/portsentry.ignore.static:
127.0.0.1
0.0.0.0
192.168.1.1
I am not sure why 0.0.0.0 is present and I believe it was added by debconf
but it doesn't seem to hurt.
--
Andrew
