Speaking of portsentry...
Does anyone know what to do w/ this wierdness I get from it ?
/var/log/messages snippet:
Oct 10 08:32:07 buggz1 portsentry[694]: attackalert: Possible stealth scan
from unknown h
ost to TCP port: 111 (accept failed)
Oct 10 08:32:37 buggz1 last message repeated 110318 times
Oct 10 08:33:38 buggz1 last message repeated 224336 times
Oct 10 08:34:39 buggz1 last message repeated 222811 times
Oct 10 08:35:02 buggz1 last message repeated 81037 times
That's rediculous.
grep 111 /etc/services
sunrpc 111/tcp portmapper # RPC 4.0 portmapper TCP
sunrpc 111/udp portmapper # RPC 4.0 portmapper UDP
I'm guess that's nfs somehow ?
On Fri, 13 Oct 2000, Steve Curry wrote:
> Also when you have time go to www.freshmeat.net and do a search for
> portsentry. This program will automatically put the IP of anyone doing a
> portscan on your system into the hosts.deny and also blackhole them in your
> route table. I use this program on all our boxes and it works great. It can
> also be setup to fire an email at you when "events" happen.
>
--
Ed June
[EMAIL PROTECTED]
Linux: An open choice for free people worldwide.
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
