[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Si Becker <71362.22@xxxxxxxxxxxxxx>
- Subject: [cobalt-security] Si Becker <71362.22@xxxxxxxxxxxxxx>
- From: "Render-Vue" <sales@xxxxxxxxxxxxxx>
- Date: Wed, 26 Dec 2001 14:25:59 +1300
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi yah,
Can anyone tell me how to stop this idiot from scanning the servers, have
changed the port of ssh a while back so I'm not fussed about the port 22
scan and portsentry and IP Chains are doing their thing. But this is
happening nearly every day now, has anyone else seen scans from this
source...
Portsentry had an alert to ns.xxxxxxxxxxxxxxx.com from the following IP
address and port:
211.174.38.152 22 < ------ This IP Changes all the time
Service:
ssh 22/tcp SSH Remote Login Protocol
ssh 22/udp SSH Remote Login Protocol
# Si Becker <71362.22@xxxxxxxxxxxxxx> <------- This is
constant as is the ports being scanned
The other thing is there a script or method of cleaning the host.deny file
after a certain amount of days - the deny file is starting to get a bit big
now and I think I can recollect someone mentioning there was problems after
a certain amount of IP's got listed...could have picked that up wrong though
:>
Hope everyone had a pleasant Xmas
Regards form Auckland
Chae