[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Portsentry detection (all raqs)

Subject: [cobalt-security] Portsentry detection (all raqs)
From: "James Mackay" <jjma@xxxxxxxxxxxxxx>
Date: Mon, 1 Oct 2001 10:25:18 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hello

I've set up portsentry on stealth mode and it has been running well. However over the weekend I've received 100 email from both
servers from the IP address below. (http://www.hotchilli.com  a hosting company in the UK)

Sep 30 05:53:38 www portsentry[386]: attackalert: Host: 217.72.160.65 is already blocked. Ignoring
Sep 30 05:53:42 www portsentry[386]: attackalert: Connect from host: 217.72.160.65/217.72.160.65 to UDP port: 69

Interested to know whether I should email the company to ask why they are scanning this port but unsure as to whether portsentry is
producing bogus alerts?

Thanks

ja

Follow-Ups:
- Re: [cobalt-security] Portsentry detection (all raqs)
  - From: Mark Anderson

Prev by Date: [cobalt-security] Problems running nessus
Next by Date: RE: [cobalt-security] Problems running nessus
Previous by thread: Re: [cobalt-security] - not issue MAIL/EXPN/VRFY/ETRN during connection to M
Next by thread: Re: [cobalt-security] Portsentry detection (all raqs)

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index