Heya Guys,
I just got sent this from log sentry.
I've never seen this before.
Is this bad ? Do I need to start panicking ?
Thanks,
Kam.
Dec 14 06:51:51 www portsentry[22046]: attackalert: TCP SYN/Normal scan
from host: cs24174162-200.satx.rr.com/24.174.162.200 to TCP port: 445
Dec 14 06:51:51 www portsentry[22046]: attackalert: Host 24.174.162.200
has been blocked via dropped route using command: "/sbin/route add -host
24.174.162.200 reject"
Dec 14 06:51:53 www portsentry[22046]: attackalert: External command run
for host: 24.174.162.200 using command:
"/etc/portsentry/port.alert 24.174.162.200 445"