[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] port sentry alert

Subject: Re: [cobalt-security] port sentry alert
From: "Michigan Connect, LLC" <bernie@xxxxxxxxxx>
Date: Mon, 16 Dec 2002 00:42:34 -0500
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Noop,

Looks like your firewall caught a scan and has blocked that IP, you should
be happy, it is doing its job.

Bernie--
----- Original Message -----
From: "Kameel" <kameel@xxxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Monday, December 16, 2002 12:18 AM
Subject: [cobalt-security] port sentry alert


> Heya Guys,
>
> I just got sent this from log sentry.
> I've never seen this before.
> Is this bad ? Do I need to start panicking ?
>
> Thanks,
> Kam.
>
> Dec 14 06:51:51 www portsentry[22046]: attackalert: TCP SYN/Normal scan
> from host: cs24174162-200.satx.rr.com/24.174.162.200 to TCP port: 445
>
> Dec 14 06:51:51 www portsentry[22046]: attackalert: Host 24.174.162.200
has
> been blocked via dropped route using command: "/sbin/route add -host
> 24.174.162.200 reject"
>
> Dec 14 06:51:53 www portsentry[22046]: attackalert: External command run
> for host: 24.174.162.200 using command:
> "/etc/portsentry/port.alert 24.174.162.200 445"
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>

References:
- [cobalt-security] port sentry alert
  - From: Kameel

Prev by Date: [cobalt-security] port sentry alert
Next by Date: Re: [cobalt-security] port sentry alert
Previous by thread: [cobalt-security] port sentry alert
Next by thread: Re: [cobalt-security] port sentry alert

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index