I have a question related to portsentry. Doing
/usr/sbin/lsof -i -n -P shows that many ports are not used
but they are listened to by portsentry. How useful is it in terms
of security? Pardon my lack of knowledge in security issues, I am
trying to understand ...
I must admit that adding filters in the router does not ring any
bell... Security issues are my main concern for now. I will learn.
Thanks.
Dominic.
Kerry Webb <[EMAIL PROTECTED]> writes:
> Port 1080 is for proxy services. The attacker probably didn't do
> any tcp sequencing to find out what OS you were running. Most of
> the exploits on 1080 are directed to M$ NT proxy servers. I also
> rely on portsentry and hostsentry and swear by it. Darn good
> software. Although I run portsentry, I also put filters in my
> router because I like the packet logging that Cisco's do. If you
> have such a setup, I would recommend doing the same.
>
> On 6 Mar 2001, Dominic Mitchell wrote:
>
> >
> >
> > Hi,
> >
> > Portsentry has detected many attempts to port 1080. It seems to
> > have been blocked successfully. I have a firewall installed. I have
> > tried to close as many services as possible. For sure some
> > services are running which should not due to a lack of knowledge
> > on my part.
> >
> > What is port 1080 for? What is the next sensible thing to do?
> >
> >
> > First attack:
> >
> > Mar 6 15:49:30 rlevesque portsentry[734]: attackalert: Connect from host: saglac122.destination.ca/209.47.101.124 to TCP port: 1080
> > Mar 6 15:49:30 rlevesque portsentry[734]: attackalert: Host 209.47.101.124 has been blocked via wrappers with string: "ALL: 209.47.101.124"
> > Mar 6 15:50:23 rlevesque portsentry[734]: attackalert: Connect from host: saglac122.destination.ca/209.47.101.124 to TCP port: 1080
> > Mar 6 15:50:23 rlevesque portsentry[734]: attackalert: Host: 209.47.101.124 is already blocked. Ignoring
> > Mar 6 15:50:30 rlevesque portsentry[734]: attackalert: Connect from host: saglac122.destination.ca/209.47.101.124 to TCP port: 1080
> > Mar 6 15:50:30 rlevesque portsentry[734]: attackalert: Host: 209.47.101.124 is already blocked. Ignoring
> >
> > Second attack:
> >
> > Mar 6 16:15:46 rlevesque portsentry[734]: attackalert: Connect from host: 02-071.051.popsite.net/64.24.21.71 to TCP port: 1080
> > Mar 6 16:15:46 rlevesque portsentry[734]: attackalert: Host 64.24.21.71 has been blocked via wrappers with string: "ALL: 64.24.21.71"
> > Mar 6 16:15:46 rlevesque portsentry[734]: attackalert: Connect from host: 02-071.051.popsite.net/64.24.21.71 to TCP port: 1080
> > Mar 6 16:15:46 rlevesque portsentry[734]: attackalert: Host: 64.24.21.71 is already blocked. Ignoring
> > Mar 6 16:34:44 rlevesque portsentry[734]: attackalert: Connect from host: 02-071.051.popsite.net/64.24.21.71 to TCP port: 1080
> > Mar 6 16:34:44 rlevesque portsentry[734]: attackalert: Host: 64.24.21.71 is already blocked. Ignoring
> >
> > Third attack:
> >
> > Mar 6 17:36:14 rlevesque portsentry[734]: attackalert: Connect from host: 08-112.051.popsite.net/64.24.23.112 to TCP port: 1080
> > Mar 6 17:36:14 rlevesque portsentry[734]: attackalert: Host 64.24.23.112 has been blocked via wrappers with string: "ALL:64.24.23.112"
> >
> > Fourth attack:
> >
> >
> > Mar 6 18:03:50 rlevesque portsentry[734]: attackalert: Connect from host: sarc3b180.snip.net/209.204.89.180 to TCP port: 1080
> > Mar 6 18:03:50 rlevesque portsentry[734]: attackalert: Host 209.204.89.180 has been blocked via wrappers with string: "ALL: 209.204.89.180"
> >
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
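
A small parser for the portsentry attackalert entries quoted in this thread, added here as an example and not part of the original posts: it groups entries by source address and counts the connection attempts logged and the "already blocked" repeats. The function name `summarize` is this example's own, and the sample is copied from the quoted log (first and third bursts), one entry per line; only the message forms shown in the thread are handled.

```python
import re

# Sample input: entries from the log quoted in the thread, re-split one per line.
SAMPLE = """\
Mar 6 15:49:30 rlevesque portsentry[734]: attackalert: Connect from host: saglac122.destination.ca/209.47.101.124 to TCP port: 1080
Mar 6 15:49:30 rlevesque portsentry[734]: attackalert: Host 209.47.101.124 has been blocked via wrappers with string: "ALL: 209.47.101.124"
Mar 6 15:50:23 rlevesque portsentry[734]: attackalert: Connect from host: saglac122.destination.ca/209.47.101.124 to TCP port: 1080
Mar 6 15:50:23 rlevesque portsentry[734]: attackalert: Host: 209.47.101.124 is already blocked. Ignoring
Mar 6 15:50:30 rlevesque portsentry[734]: attackalert: Connect from host: saglac122.destination.ca/209.47.101.124 to TCP port: 1080
Mar 6 15:50:30 rlevesque portsentry[734]: attackalert: Host: 209.47.101.124 is already blocked. Ignoring
Mar 6 17:36:14 rlevesque portsentry[734]: attackalert: Connect from host: 08-112.051.popsite.net/64.24.23.112 to TCP port: 1080
Mar 6 17:36:14 rlevesque portsentry[734]: attackalert: Host 64.24.23.112 has been blocked via wrappers with string: "ALL:64.24.23.112"
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
# syslog timestamp, hostname, portsentry[pid], then the attackalert message
PREFIX = re.compile(r"^(\w{3}\s+\d+\s+[\d:]+)\s+\S+\s+portsentry\[\d+\]:\s+attackalert:\s+(.*)$")
CONNECT = re.compile(r"^Connect from host: (\S+)/" + IP + r" to (\w+) port: (\d+)$")
BLOCKED = re.compile(r"^Host:? " + IP + r" has been blocked via (\w+)")
REPEAT = re.compile(r"^Host:? " + IP + r" is already blocked")

def summarize(text):
    """Return {ip: stats} for every source address seen in a Connect entry."""
    hosts = {}
    for line in text.splitlines():
        m = PREFIX.match(line.strip())
        if not m:
            continue  # not a portsentry attackalert line
        stamp, msg = m.groups()
        if c := CONNECT.match(msg):
            name, ip, proto, port = c.groups()
            h = hosts.setdefault(ip, {"name": name, "first": stamp, "last": stamp,
                                      "connects": 0, "ports": set(),
                                      "blocked_via": None, "repeats": 0})
            h["connects"] += 1
            h["last"] = stamp
            h["ports"].add(f"{proto}/{port}")
        elif (b := BLOCKED.match(msg)) and b.group(1) in hosts:
            hosts[b.group(1)]["blocked_via"] = b.group(2)
        elif (r := REPEAT.match(msg)) and r.group(1) in hosts:
            hosts[r.group(1)]["repeats"] += 1
    return hosts

if __name__ == "__main__":
    for ip, h in summarize(SAMPLE).items():
        print(f"{ip:16} {h['name']:28} connects={h['connects']} repeats={h['repeats']} "
              f"ports={sorted(h['ports'])} blocked_via={h['blocked_via']} {h['first']} .. {h['last']}")
```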