[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] UDP Scans
- Subject: Re: [cobalt-security] UDP Scans
- From: shimi <shimi@xxxxxxxxxxxxxxxx>
- Date: Fri, 6 Jul 2001 04:24:52 -0700 (PDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Fri, 6 Jul 2001, Simon Wilson wrote:
> Hi
> I know I asked this the other day but I've still no answer here or from any
> other source.
> When I switch on Portsentry it reports 100s of scans on UDP from what I
> assume are all the other boxes on the farm my box is on. ie:
>
> 222.222.222.30
> 222.222.222.45
> 222.222.222.199
> 222.222.222.169
> 222.222.222.178
> 222.222.222.100
>
> In other words they have the same IP address as me except the last number.
> The go on scanning, and portsentry goes on banning them all. On and on and
> on until the log files are enormous.
> What is going on? is this normal or have I set it up wrong?
> The TCP part of portsentry seems to work OK picking up scans on 111 from
> Korea etc. but the UDP one just goes nuts...100's of repeated attempts all
> from similar address.
>
> Any ideas?
>
> Thanks
> Simon
>
To and from what ports? (source and destination)
- shimi.