[CLUE-Tech] Portsentry caught someone ...

Brandon N bneill at yahoo.com
Wed Feb 14 13:24:01 MST 2001


You might check this out too:

http://freshmeat.net/projects/portsentrymod/

--- Kevin Cullis <kevincu at orci.com> wrote:
> Hey all,
> 
> I saw the program "Hackers" on Frontline tonight and thought I'd check
> my var/log/messages.  This is what I found:
> 
> Feb  7 21:25:34 cullis portsentry[2603]: attackalert: Unknown Type: Packet Flags: SYN: 1 FIN: 1 ACK: 0 PSH: 0 URG: 0 RST: 0 from host: www.unionpower.com.tw/211.72.69.17 to TCP port: 53
> Feb  7 21:25:34 cullis portsentry[2603]: attackalert: External command run for host: 211.72.69.17 using command: "/some/path/here/script 211.72.69.17 53"
> Feb  7 21:25:34 cullis portsentry[2603]: attackalert: Host 211.72.69.17 has been blocked via wrappers with string: "ALL: 211.72.69.17"
> Feb  7 21:25:34 cullis portsentry[2603]: attackalert: Host 211.72.69.17 has been blocked via dropped route using command: "/sbin/route add -host 211.72.69.17 reject"
> 
> Maybe you security gurus can help me understand this stuff a little
> better.
> 
> Anyway, I thought it was interesting.
> 
> Kevin
> 

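Added example, not part of the original thread and not PortSentry's own code: a small Python summarizer for the four attackalert lines quoted above, grouping them by source IP into the probe that triggered the alert and the blocking responses that followed. The regular expressions cover only the message forms seen in this log; the function and field names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# The four syslog lines quoted in the message above, with mail line-wrapping undone.
SAMPLE_LOG = """\
Feb  7 21:25:34 cullis portsentry[2603]: attackalert: Unknown Type: Packet Flags: SYN: 1 FIN: 1 ACK: 0 PSH: 0 URG: 0 RST: 0 from host: www.unionpower.com.tw/211.72.69.17 to TCP port: 53
Feb  7 21:25:34 cullis portsentry[2603]: attackalert: External command run for host: 211.72.69.17 using command: "/some/path/here/script 211.72.69.17 53"
Feb  7 21:25:34 cullis portsentry[2603]: attackalert: Host 211.72.69.17 has been blocked via wrappers with string: "ALL: 211.72.69.17"
Feb  7 21:25:34 cullis portsentry[2603]: attackalert: Host 211.72.69.17 has been blocked via dropped route using command: "/sbin/route add -host 211.72.69.17 reject"
"""

ALERT = re.compile(r"portsentry\[\d+\]: attackalert: (?P<msg>.*)$")
PROBE = re.compile(r"Packet Flags: (?P<flags>(?:[A-Z]{3}: [01] ?)+)from host: "
                   r"(?P<name>\S+)/(?P<ip>[\d.]+) to (?P<proto>TCP|UDP) port: (?P<port>\d+)")
# Response kinds (hypothetical labels) keyed to the wording of each log message.
RESPONSES = [
    ("external_command", re.compile(r"External command run for host: (?P<ip>[\d.]+)")),
    ("tcp_wrappers", re.compile(r"Host (?P<ip>[\d.]+) has been blocked via wrappers")),
    ("dropped_route", re.compile(r"Host (?P<ip>[\d.]+) has been blocked via dropped route")),
]

def summarize(log_text):
    """Group portsentry attackalert lines by source IP: probes seen, responses taken."""
    hosts = defaultdict(lambda: {"probes": [], "responses": []})
    for line in log_text.splitlines():
        alert = ALERT.search(line)
        if not alert:
            continue  # not a portsentry alert line
        msg = alert.group("msg")
        probe = PROBE.search(msg)
        if probe:
            # Names of the TCP flags logged with value 1, e.g. {"SYN", "FIN"}
            pairs = re.findall(r"([A-Z]{3}): ([01])", probe.group("flags"))
            set_flags = {flag for flag, value in pairs if value == "1"}
            hosts[probe.group("ip")]["probes"].append({
                "port": int(probe.group("port")),
                "proto": probe.group("proto"),
                "flags": sorted(set_flags),
                # SYN and FIN together never occur in a normal TCP handshake or teardown
                "invalid_flags": {"SYN", "FIN"} <= set_flags,
            })
            continue
        for name, pattern in RESPONSES:
            hit = pattern.search(msg)
            if hit:
                hosts[hit.group("ip")]["responses"].append(name)
    return dict(hosts)
```

Calling `summarize(SAMPLE_LOG)` returns one entry for 211.72.69.17: a single TCP probe to port 53 with SYN and FIN both set, followed by the external command, the TCP wrappers entry and the dropped route.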
