[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] PortSentry/Active System Attacks
- Subject: RE: [cobalt-security] PortSentry/Active System Attacks
- From: "Chris Burton" <Chris@xxxxxxxxxxxxxxxxxx>
- Date: Sun, 13 May 2001 09:59:20 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi,
If it was one of your customers then a reinstall do anything to help, try
and find out if it was a customer that did it. If you dont have customers
(or other users) then look at the state of the RAQ has it been compromised
or not ?
ChrisB.
-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of William
Lessard
Sent: 13 May 2001 08:54
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-security] PortSentry/Active System Attacks
Talking about Port Scan. My Raq3 was used for one couple days ago. What
can I do to stop this? Worst case is redo the whole server. But how can I
since there is no cd. Any and all help will be greatly appreciated.
William
-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Dave
Sent: Friday, May 11, 2001 12:38 PM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-security] PortSentry/Active System Attacks
Sent: Friday, May 11, 2001 1:17 PM
Subject: Re: [cobalt-security] PortSentry/Active System Attacks
> I strongly disagree. While it is not "illegal" to portscan some else's
> systems (depending on the country you live in), it is generally indicitive
> of something happening on the source machine. Nothing may happen to you,
> but I'm sure that the source administrator would appreciate hearing that
> one of his boxes is doing portscans. By letting him know, you have
> possibly stopped the problem before it gets to you.
: everybody as he sees fit. But IF I'd report each and any portscan to the
: admin of the originating network(s) I'd do nothing else the whole day.
Today
: has been a quite day. I've been portscanned five times so far in the last
19
: hours, all from different networks. And there were seven or eight attempts
to
: access port 111. All of them were firewalled by Portsentry with IPChains.
This seems to be a question for each individual. When I see my box getting
scanned,
I find out who it is then, depending on factors like who it is, what country
and other
information like the registered e-mail addys for the offending ISP, I just
use
a gut-feeling.
I don't believe that never OR always are good solutions. Trust your
instinct.
Weird,
usually the ones I do report seem VERY interested in my report. Also, it
depends on
WHICH port they scanned - know your ports/why this port is getting scanned.
Dave~
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security