On Sat, Aug 16, 2003 at 07:10:43PM -0500, Robert Canary wrote: > I've tried tcpdump. However, this is a stealth syn attack. I used > #>tcpdump -u root -i any port 1080 > > I can watch the log files as portsentry continues to log the attempts, > but tcpdump shows nothing. > > Any more ideas?
Guess: something on the same host is trying to open that port and portsentry is blocking/then logging that. I've seen ps mistakenly id this kind of thing as an attack. -- Hal Burgiss -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
