Re: portsentry(1) and ipv6?

2020-09-13 Thread Dan Ritter
Fabrice Bauzac wrote: > Hello, > > 12 sept. 2020 14:09:14 Dan Ritter : > > > John Conover wrote: > >> > >> Does portsentry(1) make any sense in systems with ipv6 connectivity? > >> > > Yes and no. If you want to know that machines are scanni

Re: portsentry(1) and ipv6?

2020-09-12 Thread Fabrice Bauzac
Hello, 12 sept. 2020 14:09:14 Dan Ritter : > John Conover wrote: >> >> Does portsentry(1) make any sense in systems with ipv6 connectivity? >> > Yes and no. If you want to know that machines are scanning > ports, yes. If you want to effectively block IPs, no. Why wo

Re: portsentry(1) and ipv6?

2020-09-12 Thread Dan Ritter
John Conover wrote: > > Does portsentry(1) make any sense in systems with ipv6 connectivity? > Yes and no. If you want to know that machines are scanning ports, yes. If you want to effectively block IPs, no. You can, of course, block well known IPv6 addresses -- I block Google's

portsentry(1) and ipv6?

2020-09-12 Thread John Conover
Does portsentry(1) make any sense in systems with ipv6 connectivity? Thanks, John -- John Conover, cono...@rahul.net, http://www.johncon.com/

Re: portsentry and courier: RPC error

2005-12-16 Thread Moritz Naumann
> Vadim > Wed, 13 Oct 2004 11:27:57 -0700 > I am running portsentry and courier, and I am getting this error in my syslog: > > imapd-ssl: pmap_getmaps rpc problem: RPC: Unable to receive; errno = > Connection reset > by peer > > If I stop either of the service

Re: portsentry only blocking once - need to restart

2005-05-07 Thread Todd A. Jacobs
dly hosts blocked from time to time, and you shouldn't have to restart the daemon to unblock them; just add them to the permanent ignore list and remove the offending entry in iptables while portsentry continues to run, which is pretty much the default behavior you're seeing. You could pr

portsentry only blocking once - need to restart

2005-05-07 Thread Jochen Kaechelin
I have the following problem: When I do a nmap to a portsentry protected host I will be blocked after 3 scans with the following command: KILL_RUN_CMD="/sbin/iptables -I INPUT -s $TARGET$ -j DROP" When I flush iptables (iptables -F) and try to nmap the host again portsentry does no

Portsentry Question

2005-01-06 Thread "Sergio Cuéllar"
Hi, I'm really not sure what's happening with portsentry. Before I start the daemon I use nmap to see the open ports: And I get only: 22/tcp open ssh 25/tcp open smtp 80/tcp open http 111/tcp open rpcbind Then I use netstat too, and I get something like this: tcp0 0 0.0.0.0:111

Portsentry Question

2004-12-30 Thread "Sergio Cuéllar"
Hi, I'm really not sure what's happening with portsentry. Before I start the daemon I use nmap to see the open ports: And I get only: 22/tcp open ssh 25/tcp open smtp 80/tcp open http 111/tcp open rpcbind Then I use netstat too, and I get something like this: tcp0 0 0.0.0.0

portsentry and courier: RPC error

2004-10-13 Thread Vadim
I am running portsentry and courier, and I am getting this error in my syslog: imapd-ssl: pmap_getmaps rpc problem: RPC: Unable to receive; errno = Connection reset by peer If I stop either of the services, the error stops. There is no mention of port 530 (courier rpc) in portsentry.conf. How

portsentry and netfilter

2004-02-18 Thread sarunas
Hello, During the last couple of weeks portsentry is producing a lot of alerts on connects to ports 540 and 635: Feb 17 10:04:11 portsentry[949]: attackalert: Connect from host: / to TCP port: 635 Feb 17 10:04:11 portsentry[949]: attackalert: Host has been blocked via wrappers with

portsentry and netfilter

2004-02-17 Thread Sarunas
Hello, During the last couple of weeks portsentry is producing a lot of alerts on connects to ports 540 and 635: Feb 17 10:04:11 portsentry[949]: attackalert: Connect from host: / to TCP port: 635 Feb 17 10:04:11 portsentry[949]: attackalert: Host has been blocked via wrappers with

Re: portsentry: port 162 attack

2002-03-12 Thread Jeff
Thomas Shemanske, 2002-Mar-11 16:46 -0500: > I have a sid system and installed portsentry on it (and several other > woody machines in the department). > > I left it in log-only mode, but immediately after starting it up, I > discovered that a machine of a colleague of mine is

portsentry: port 162 attack

2002-03-11 Thread Thomas Shemanske
I have a sid system and installed portsentry on it (and several other woody machines in the department). I left it in log-only mode, but immediately after starting it up, I discovered that a machine of a colleague of mine is banging away (every three minutes exactly) on port 162 (snmp-trap) on

SOLVED! Re: warning message from portsentry

2001-12-22 Thread rick
wrote: > > >>What does this warning mean and what is causing it? > > >> > > >>> Dec 20 12:02:10 tc portsentry[540]: attackalert: Possible stealth > > >>> scan from unknown host to TCP port: 111 (accept failed) > > >> > >

Re: warning message from portsentry

2001-12-21 Thread rick
On Thu, Dec 20, 2001 at 07:44:51PM +, Pollywog wrote: > On 2001.12.20 19:33 Pollywog wrote: > >On 2001.12.20 19:04 [EMAIL PROTECTED] wrote: > >>What does this warning mean and what is causing it? > >> > >>> Dec 20 12:02:10 tc portsentry[540]: attack

Re: warning message from portsentry

2001-12-20 Thread Pollywog
On 2001.12.20 19:33 Pollywog wrote: On 2001.12.20 19:04 [EMAIL PROTECTED] wrote: What does this warning mean and what is causing it? > Dec 20 12:02:10 tc portsentry[540]: attackalert: Possible stealth scan > from unknown host to TCP port: 111 (accept failed) I get it when I run a 2.4

Re: warning message from portsentry

2001-12-20 Thread Pollywog
On 2001.12.20 19:04 [EMAIL PROTECTED] wrote: What does this warning mean and what is causing it? > Dec 20 12:02:10 tc portsentry[540]: attackalert: Possible stealth scan > from unknown host to TCP port: 111 (accept failed) I get it when I run a 2.4 kernel but not when I run a 2.2 kerne

warning message from portsentry

2001-12-20 Thread rick
What does this warning mean and what is causing it? > Dec 20 12:02:10 tc portsentry[540]: attackalert: Possible stealth scan > from unknown host to TCP port: 111 (accept failed) I get it when I run a 2.4 kernel but not when I run a 2.2 kernel so I believe it's something internal t

Re: portsentry

2001-07-31 Thread Vineet Kumar
* John Galt ([EMAIL PROTECTED]) [010718 05:28]: > > locutus:~# dpkg -l|grep snort > ii snort 1.7-9 Flexible NIDS (Network Intrusion Detection S > locutus:~# dpkg -l|grep portsentry > ii portsentry 1.0-2 Portscan detection daemon > locutus:~# Fo

Re: portsentry

2001-07-18 Thread John Galt
On Wed, 18 Jul 2001, Sam Varghese wrote: >This is a bit off-topic. Yesterday I read a piece >at the following URL: > >http://www.linux.ie/articles/portsentryandsnortcompared.php > >comparing portsentry and snort. Next on their list is to compare apples and oranges... >I

Re: portsentry

2001-07-18 Thread Adam Shand
> It is the first time I have read anything negative about portsentry. while a lot of what the author is saying is true portsentry and snort are two quite different things. really the only thing they have in common is that they are designed to improve the security of your network/ser

portsentry

2001-07-18 Thread Sam Varghese
This is a bit off-topic. Yesterday I read a piece at the following URL: http://www.linux.ie/articles/portsentryandsnortcompared.php comparing portsentry and snort. It is the first time I have read anything negative about portsentry. Any comments? Sam -- (Sam Varghese) http://www.gnubies.com

portsentry + kernel 2.4.x

2001-06-15 Thread Nicole Zimmerman
This is the same message I sent to another mailing list, I am really frustrated. -- Forwarded message -- Date: Fri, 15 Jun 2001 15:31:25 -0700 (PDT) Hi All, I am having a problem with portsentry on kernel 2.4.5 machines. When using kernel 2.2.19 on the same machine, there is no

portsentry install problems

2001-04-18 Thread Tristan
I am using unstable, and when trying to install portsentry I do not get any errors, but when checking /etc/portsentry, the directory is completely empty. Is this supposed to be like this? Another problem I have is when installing logcheck, debconf gives an error: Working, please wait