[CLUE-Tech] Portsentry caught someone ...
Kevin Cullis
kevincu at orci.com
Tue Feb 13 22:16:59 MST 2001
Hey all,

I saw the program "Hackers" on Frontline tonight and thought I'd check
my /var/log/messages. This is what I found:

Feb 7 21:25:34 cullis portsentry[2603]: attackalert: Unknown Type:
Packet Flags: SYN: 1 FIN: 1 ACK: 0 PSH: 0 URG: 0 RST: 0 from host:
www.unionpower.com.tw/211.72.69.17 to TCP port: 53
Feb 7 21:25:34 cullis portsentry[2603]: attackalert: External command
run for host: 211.72.69.17 using command: "/some/path/here/script
211.72.69.17 53"
Feb 7 21:25:34 cullis portsentry[2603]: attackalert: Host 211.72.69.17
has been blocked via wrappers with string: "ALL: 211.72.69.17"
Feb 7 21:25:34 cullis portsentry[2603]: attackalert: Host 211.72.69.17
has been blocked via dropped route using command: "/sbin/route add -host
211.72.69.17 reject"

Maybe you security gurus can help me understand this stuff a little
better.

Anyway, I thought it was interesting.

Kevin
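
One way to read the four log lines in the post above, as an added example that is not part of the original message or of portsentry itself: a small Python parser that groups the alert by source address, lists which TCP flags were set, and records each blocking action that followed. The regular expressions are assumptions built only from the lines quoted in the post (rejoined after e-mail wrapping); other portsentry message formats are not covered.

```python
import re
from collections import defaultdict

# Log lines from the post above, with the e-mail line wrapping undone.
SAMPLE = """\
Feb 7 21:25:34 cullis portsentry[2603]: attackalert: Unknown Type: Packet Flags: SYN: 1 FIN: 1 ACK: 0 PSH: 0 URG: 0 RST: 0 from host: www.unionpower.com.tw/211.72.69.17 to TCP port: 53
Feb 7 21:25:34 cullis portsentry[2603]: attackalert: External command run for host: 211.72.69.17 using command: "/some/path/here/script 211.72.69.17 53"
Feb 7 21:25:34 cullis portsentry[2603]: attackalert: Host 211.72.69.17 has been blocked via wrappers with string: "ALL: 211.72.69.17"
Feb 7 21:25:34 cullis portsentry[2603]: attackalert: Host 211.72.69.17 has been blocked via dropped route using command: "/sbin/route add -host 211.72.69.17 reject"
"""

PROBE = re.compile(r"attackalert: (?P<kind>.+?): Packet Flags: (?P<flags>.+?) "
                   r"from host: (?P<name>\S+)/(?P<ip>[\d.]+) to (?P<proto>TCP|UDP) port: (?P<port>\d+)")
FLAG = re.compile(r"(SYN|FIN|ACK|PSH|URG|RST): ([01])")
ACTIONS = [  # (label, pattern) for each response line seen in the post
    ("external_command", re.compile(r'External command run for host: (?P<ip>[\d.]+) using command: "(?P<arg>[^"]*)"')),
    ("tcp_wrappers", re.compile(r'Host (?P<ip>[\d.]+) has been blocked via wrappers with string: "(?P<arg>[^"]*)"')),
    ("dropped_route", re.compile(r'Host (?P<ip>[\d.]+) has been blocked via dropped route using command: "(?P<arg>[^"]*)"')),
]

def summarize(log_text):
    """Group portsentry attackalert lines by source IP."""
    hosts = defaultdict(lambda: {"probes": [], "responses": []})
    for line in log_text.splitlines():
        if "portsentry[" not in line or "attackalert:" not in line:
            continue
        m = PROBE.search(line)
        if m:
            set_flags = sorted(f for f, v in FLAG.findall(m["flags"]) if v == "1")
            hosts[m["ip"]]["probes"].append({
                "kind": m["kind"], "proto": m["proto"], "port": int(m["port"]),
                "flags": set_flags,
                # SYN and FIN set together is not a combination a normal TCP connection produces.
                "syn_fin": {"SYN", "FIN"} <= set(set_flags),
            })
            continue
        for label, rx in ACTIONS:
            m = rx.search(line)
            if m:
                hosts[m["ip"]]["responses"].append((label, m["arg"]))
                break
    return dict(hosts)

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE).items():
        print(ip, info)
```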