[CLUE-Talk] Preventing Hack Attempts before they Happen
R Frank
rfrank at rfrank.net
Mon May 14 15:54:58 MDT 2001
In reply to:
> > > Wish I knew more about this. I checked my logs and there are 88 different
> > > IP addresses being blocked, most as a result of scans to port 111. Am I
> > > wrong in thinking that such scans are not evidence of a would-be hacker?
Jim I. asked:
> What application wrote those IP addresses to the blocked file? If it was a
> utility such as PortSentry, I would say that we could assume malicious
> intent from those IPs until proven otherwise.
Portsentry wrote the messages.
porsentry: attackalert: SYN/Normal scan from host <207.x.x.x>
then followed by
host <207.x.x.x> has been dropped via blocked route using the command ..ipchains..DENY