
Re: [cobalt-security] Same IP scan again and again and again



> > 
> > I am sick to death of getting this:
> > 
> > Active System Attack Alerts
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=
> > Jul 15 16:49:17 ns1 portsentry[1216]: attackalert: Connect from host: 63.215.251.101/63.215.251.101 to UDP port: 135
> > Jul 15 16:49:17 ns1 portsentry[1216]: attackalert: Host: 63.215.251.101 is already blocked. Ignoring
> > 
> > OK so it's not actually getting through, but this same IP
> > address (level3 apparently) has been doing this every 15
> > minutes for hours on end for weeks. I have told level3 about
> > it countless times, but they don't even acknowledge my emails.
> > Any ideas as to what I can do?
> > What are they up to?
> > 
> Block the port number completely
> 

ipchains -A input -p tcp --dport 135 -j DENY
ipchains -A input -p udp --dport 135 -j DENY   # the alerts quoted above are for UDP port 135

should do the job if you're on a RaQ4.

andy
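
The alert quoted in this thread is for UDP port 135, so a block rule only affects it if it names the same protocol as the probe. The shell sketch below is an added example, not part of the original post: it tallies portsentry "Connect from host" lines and prints, without applying, one ipchains rule per protocol and port seen. The function names are hypothetical and the log lines are constructed, using documentation addresses.

```shell
#!/bin/sh
# Added example: summarise portsentry "Connect from host" alerts and print
# ipchains DENY rules whose protocol matches the one in each alert.

# Constructed sample log lines in the format quoted in the thread
# (192.0.2.0/24 and 198.51.100.0/24 are documentation address ranges).
sample_log() {
cat <<'EOF'
Jul 15 16:34:17 ns1 portsentry[1216]: attackalert: Connect from host: 192.0.2.10/192.0.2.10 to UDP port: 135
Jul 15 16:34:17 ns1 portsentry[1216]: attackalert: Host: 192.0.2.10 is already blocked. Ignoring
Jul 15 16:49:17 ns1 portsentry[1216]: attackalert: Connect from host: 192.0.2.10/192.0.2.10 to UDP port: 135
Jul 15 16:49:17 ns1 portsentry[1216]: attackalert: Host: 192.0.2.10 is already blocked. Ignoring
Jul 15 17:02:41 ns1 portsentry[1216]: attackalert: Connect from host: 198.51.100.7/198.51.100.7 to TCP port: 111
EOF
}

# Read a log on stdin; print "count host proto port" per distinct probe,
# busiest first. "already blocked" lines carry no port and are skipped.
summarise_alerts() {
    awk '/attackalert: Connect from host:/ {
        for (i = 1; i < NF; i++) {
            if ($i == "host:") { split($(i + 1), h, "/"); host = h[1] }
            if ($i == "to")    { proto = tolower($(i + 1)) }
            if ($i == "port:") { port = $(i + 1) }
        }
        n[host " " proto " " port]++
    }
    END { for (k in n) print n[k], k }' | sort -rn
}

# Read a log on stdin; print one rule per distinct protocol/port pair.
# Rules are only printed for review, never executed here.
suggest_rules() {
    summarise_alerts | awk '{ print $3, $4 }' | sort -u |
    while read -r proto port; do
        echo "ipchains -A input -p $proto --dport $port -j DENY"
    done
}

sample_log | suggest_rules
```

Check each printed rule against the services the host actually offers before adding it, since a DENY on the input chain also drops legitimate traffic to that port.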