On Thu, Feb 22, 2001 at 04:23:19PM -0500, Brent wrote:
> i just cvsup my and did make world & kernel...--mergemaster...all is
> good....so just to tighten things up a bit ..i installed portsentry from the
> ports collection...installed without a prob...the FreeBSD box is on a very
> large internel network ( its our LAN resourse machine) it runs a bunch of
> company mailing lists ..as well as a web server among other things BUT I
> DONT HAVE SAMBA installed....my question is this....i port scanned the
> machine from another machine on the network...just to see what would
> happen...and sure enough it mailed me...letting me know whats up.....THE
> THING IS..it say its being scanned by 12 other machines on the network (i
> know for fact it really isnt) ..ALL on port 161 what the heck runs on
> port 161 ????
more /etc/services
...
snmp 161/tcp
snmp 161/udp
...
I'm not sure why you mentioned SAMBA.
I think you're being confused by portsentry telling you your machine
is "being portscanned" when really it's just some routers or
management nodes trying to connect to the SNMP service on your machine
for management purposes. It's the same problem which causes people
with Windows "personal firewall" software to go to red alert when they
see a remote system returning an ICMP Unreachable packet at them,
because the software is too trigger-happy and tells them they're being
hacked.
Kris
PGP signature