[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] UDP Scans

Subject: Re: [cobalt-security] UDP Scans
From: shimi <shimi@xxxxxxxxxxxxxxxx>
Date: Fri, 6 Jul 2001 04:24:52 -0700 (PDT)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Fri, 6 Jul 2001, Simon Wilson wrote:

> Hi
> I know I asked this the other day but I've still no answer here or from any
> other source.
> When I switch on Portsentry it reports 100s of scans on UDP from what I
> assume are all the other boxes on the farm my box is on. ie:
> 
> 222.222.222.30
> 222.222.222.45
> 222.222.222.199
> 222.222.222.169
> 222.222.222.178
> 222.222.222.100
> 
> In other words they have the same IP address as me except the last number.
> The go on scanning, and portsentry goes on banning them all. On and on and
> on until the log files are enormous.
> What is going on? is this normal or have I set it up wrong?
> The TCP part of portsentry seems to work OK picking up scans on 111 from
> Korea etc. but the UDP one just goes nuts...100's of repeated attempts all
> from similar address.
> 
> Any ideas?
> 
> Thanks
> Simon
> 

To and from what ports? (source and destination)

- shimi.

Follow-Ups:
- RE: [cobalt-security] UDP Scans
  - From: Simon Wilson
- RE: [cobalt-security] UDP Scans
  - From: Carrie Bartkowiak

References:
- [cobalt-security] UDP Scans
  - From: Simon Wilson

Prev by Date: [cobalt-security] UDP Scans
Next by Date: Re: [cobalt-security] UDP Scans
Previous by thread: [cobalt-security] UDP Scans
Next by thread: RE: [cobalt-security] UDP Scans

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index