[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Portsentry detection (all raqs)

Subject: Re: [cobalt-security] Portsentry detection (all raqs)
From: "Mark Anderson" <cronus@xxxxxx>
Date: Mon, 1 Oct 2001 11:18:52 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> Sep 30 05:53:38 www portsentry[386]: attackalert: Host: 217.72.160.65 is
already blocked. Ignoring
> Sep 30 05:53:42 www portsentry[386]: attackalert: Connect from host:
217.72.160.65/217.72.160.65 to UDP port: 69
Port 69 is TFTP (trivial file transfer protocol) which is used by one of the
latest windows worms. Its attempting to spread itself, and as it scans
random IPs there really isn't any thought behind scanning your RAQs.
It poses no threat to your servers, but sustained scanning could easily
begin to eat into your bandwidth.

Mark Anderson.

References:
- [cobalt-security] Portsentry detection (all raqs)
  - From: James Mackay

Prev by Date: RE: [cobalt-security] Problems running nessus
Next by Date: [cobalt-security] remove
Previous by thread: [cobalt-security] Portsentry detection (all raqs)
Next by thread: [cobalt-security] remove

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index