[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] portsentry question

Subject: [ale] portsentry question
From: jkinney at localnetsolutions.com (James Kinney)
Date: Thu, 31 May 2001 17:58:09 -0400 (EDT)

I seem to have portsentry installed curtesy of a new RH7.1

It is going bezerk about port 143.

May 31 17:45:11 archimedes portsentry[3236]: attackalert: Possible stealth
scan from unknown host to TCP port: 143 (accept failed)
May 31 17:45:41 archimedes last message repeated 211631 times
May 31 17:46:42 archimedes last message repeated 417977 times
May 31 17:47:43 archimedes last message repeated 417348 times
May 31 17:48:44 archimedes last message repeated 418007 times
May 31 17:49:45 archimedes last message repeated 417566 times

My other network indicators don't show any traffic that could support this
kind of loading. It, of course, goes away when I tell portsentry to not
look at 143.

The docs are slim, no man page, website docs are minimal.

I like the idea of portsentry, but right now it's eating an entire
processor! Glad I've got 2 :)

-- 
James P. Kinney III   \Changing the mobile computing world/
President and COO      \          one Linux user         /
Local Net Solutions,LLC \           at a time.          /
770-493-8244             \.___________________________./

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

Prev by Date: [ale] TAR Problems
Next by Date: [ale] portsentry question
Previous by thread: [ale] TAR Problems
Next by thread: [ale] portsentry question
Index(es):
- Date
- Thread