[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] UDP Scans

Subject: [cobalt-security] UDP Scans
From: "Simon Wilson" <simon@xxxxxxxxxxxxx>
Date: Fri, 6 Jul 2001 10:58:20 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi
I know I asked this the other day but I've still no answer here or from any
other source.
When I switch on Portsentry it reports 100s of scans on UDP from what I
assume are all the other boxes on the farm my box is on. ie:

222.222.222.30
222.222.222.45
222.222.222.199
222.222.222.169
222.222.222.178
222.222.222.100

In other words they have the same IP address as me except the last number.
The go on scanning, and portsentry goes on banning them all. On and on and
on until the log files are enormous.
What is going on? is this normal or have I set it up wrong?
The TCP part of portsentry seems to work OK picking up scans on 111 from
Korea etc. but the UDP one just goes nuts...100's of repeated attempts all
from similar address.

Any ideas?

Thanks
Simon

Follow-Ups:
- Re: [cobalt-security] UDP Scans
  - From: shimi
- Re: [cobalt-security] UDP Scans
  - From: Carrie Bartkowiak
- Re: [cobalt-security] UDP Scans
  - From: Jan P Tietze

Prev by Date: [cobalt-security] poprelayd and sendmail relay authentication problem (Cobalt Raq3) (fwd)
Next by Date: Re: [cobalt-security] UDP Scans
Previous by thread: [cobalt-security] poprelayd and sendmail relay authentication problem (Cobalt Raq3) (fwd)
Next by thread: Re: [cobalt-security] UDP Scans

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index