[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] PortSentry/Active System Attacks
- Subject: Re: [cobalt-security] PortSentry/Active System Attacks
- From: "Kevin D" <kdlists@xxxxxxxxxxxxxxx>
- Date: Tue, 15 May 2001 09:08:25 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Aw come on lawrence, its just an itty bitty port scan :)
Kevin
From: "Lawrence Frewin of Accommodation.com"
> An unusual report from Portsentry this evening:
>
> May 14 21:00:34 raq portsentry[572]: attackalert: SYN/Normal scan from
host:
> boron.eu.sun.com/1$
> May 14 21:00:34 raq portsentry[572]: attackalert: Host 192.18.1.5 has been
> blocked via wrappers$
> May 14 21:00:34 raq portsentry[572]: attackalert: Host 192.18.1.5 has been
> blocked via dropped $
> May 14 21:00:35 raq kernel: Packet log: input DENY eth0 PROTO=6
> 192.18.1.5:63474 x.x.x.x:$
> May 14 21:00:36 raq kernel: Packet log: input DENY eth0 PROTO=6
> 192.18.1.5:63478 x.x.x.x:$
> May 14 21:00:38 raq kernel: Packet log: input DENY eth0 PROTO=6
> 192.18.1.5:63474 x.x.x.x:$
> May 14 21:00:39 raq kernel: Packet log: input DENY eth0 PROTO=6
> 192.18.1.5:63478 x.x.x.x:$
> May 14 21:00:45 raq kernel: Packet log: input DENY eth0 PROTO=6
> 192.18.1.5:63474 x.x.x.x:$
> May 14 21:00:45 raq kernel: Packet log: input DENY eth0 PROTO=6
> 192.18.1.5:63478 x.x.x.x:$
> May 14 21:00:50 raq 4 kernel: Packet log: input DENY eth0 PROTO=6
> 192.18.1.5:63595 x.x.x.x:$
>
> and so on....
>
> Is there a valid reason why we would be seeing this activity from Sun
> Microsystems?