[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] attackalert: Unknown Type
- Subject: [cobalt-security] attackalert: Unknown Type
- From: "Kai Schantz, Euroweb" <kai@xxxxxxxxxx>
- Date: Fri, 22 Jun 2001 08:27:26 +0200
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi,
In my logs from yeasterday portsentery has "attackalert: Unknown Type" and
it seems like the blocking is not working the way it should -or maby it is.
Anyway under here there is a cut from the log, and i would be happy if
sombody new what kind of attack we are talking about?
"
Jun 20 10:52:36 www portsentry[1003]: attackalert: Unknown Type: Packet
Flags: SYN: 1 FIN: 1 ACK: 0 PSH: 0 URG: 0 RST: 0 from host:
195.101.179.1/195.101.179.1 to TCP port: 111
Jun 20 10:52:36 www portsentry[1003]: attackalert: Host 195.101.179.1 has
been blocked via wrappers with string: "ALL: 195.101.179.1"
Jun 20 10:52:36 www portsentry[1003]: attackalert: Unknown Type: Packet
Flags: SYN: 1 FIN: 1 ACK: 0 PSH: 0 URG: 0 RST: 0 from host:
195.101.179.1/195.101.179.1 to TCP port: 111
Jun 20 10:52:36 www portsentry[1003]: attackalert: Host:
195.101.179.1/195.101.179.1 is already blocked Ignoring
Jun 20 10:52:36 www portsentry[1003]: attackalert: Unknown Type: Packet
Flags: SYN: 1 FIN: 1 ACK: 0 PSH: 0 URG: 0 RST: 0 from host:
195.101.179.1/195.101.179.1 to TCP port: 111
Jun 20 10:52:36 www portsentry[1003]: attackalert: Host:
195.101.179.1/195.101.179.1 is already blocked Ignoring
"
The Ip resolves to:
195.101.179.0 - 195.101.179.7
netname: FR-MALESHERBES-PUBLICATION
descr: Malesherbes Publication
country: FR
admin-c: JG8800-RIPE
tech-c: JG8800-RIPE
status: ASSIGNED PA
notify: addr-reg@xxxxxxx
mnt-by: RAIN-TRANSPAC
changed: addr-reg@xxxxxxx 20010129
source: RIPE
(we are mainly hosting sites in Norwegian)
sincerely
Kai R
euroweb
norway