[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] port sentry alert

Subject: Re: [cobalt-security] port sentry alert
From: Paul Jacobs <paul@xxxxxxxxxxxxxxxxxx>
Date: Sun, 15 Dec 2002 21:32:50 -0800
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

At 09:18 PM 12/15/2002, you wrote:

Heya Guys,

I just got sent this from log sentry.
I've never seen this before.
Is this bad ? Do I need to start panicking ?

Thanks,
Kam.
Dec 14 06:51:51 www portsentry[22046]: attackalert: TCP SYN/Normal scanfrom host: cs24174162-200.satx.rr.com/24.174.162.200 to TCP port: 445
Dec 14 06:51:51 www portsentry[22046]: attackalert: Host 24.174.162.200has been blocked via dropped route using command: "/sbin/route add -host24.174.162.200 reject"
Dec 14 06:51:53 www portsentry[22046]: attackalert: External command runfor host: 24.174.162.200 using command:
"/etc/portsentry/port.alert 24.174.162.200 445"


Port 445 is used in windows 2000.

_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security

References:
- [cobalt-security] port sentry alert
  - From: Kameel

Prev by Date: Re: [cobalt-security] port sentry alert
Next by Date: Re: [cobalt-security] Best way to patch restored raq4r?
Previous by thread: Re: [cobalt-security] port sentry alert
Next by thread: RE: [cobalt-security] New update from SUN.. dare i try it?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index