[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Si Becker <71362.22@xxxxxxxxxxxxxx>

Subject: Re: [cobalt-security] Si Becker <71362.22@xxxxxxxxxxxxxx>
From: Gerald Waugh <gerald@xxxxxxxxx>
Date: Wed, 26 Dec 2001 01:48:22 -0500
Organization: Front Street Networks LLC
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Tuesday 25 December 2001 08:25 pm, you wrote:
> Can anyone tell me how to stop this idiot from scanning the servers, have
> changed the port of ssh a while back so I'm not fussed about the port 22
> scan and portsentry and IP Chains are doing their thing. But this is
> happening nearly every day now, has anyone else seen scans from this
> source...
>
> Portsentry had an alert to ns.xxxxxxxxxxxxxxx.com from the following IP
> address and port:
> 211.174.38.152 22   < ------  This IP Changes all the time
> Service:
> ssh              22/tcp    SSH Remote Login Protocol
> ssh              22/udp   SSH Remote Login Protocol
> #                 Si Becker <71362.22@xxxxxxxxxxxxxx>  <------- This is
> constant as is the ports being scanned
>

You might deny the IP in ipchains. You could just deny for ssh or deny him 
everything.

Gerald

Follow-Ups:
- [cobalt-security] [question] how to urge users to https sites
  - From: markus noeske

References:
- [cobalt-security] Si Becker <71362.22@xxxxxxxxxxxxxx>
  - From: Render-Vue

Prev by Date: RE: [cobalt-security] Backing Up
Next by Date: [cobalt-security] [question] how to urge users to https sites
Previous by thread: Re: [cobalt-security] Si Becker <71362.22@xxxxxxxxxxxxxx>
Next by thread: [cobalt-security] [question] how to urge users to https sites

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index