Re: warning message from portsentry

To: debian-user@lists.debian.org
Subject: Re: warning message from portsentry
From: Pollywog <croak@shadypond.com>
Date: Thu, 20 Dec 2001 19:44:51 +0000
Message-id: <[🔎] 20011220194451.C1379@lilypad.shadypond.com>
Reply-to: croak@shadypond.com
In-reply-to: <"from croak"@shadypond.com>
References: <[🔎] 20011220140409.D713@tc.niof.net> <"from rick"@niof.net> <[🔎] 20011220193309.A1379@lilypad.shadypond.com>

On 2001.12.20 19:33 Pollywog wrote:

On 2001.12.20 19:04 rick@niof.net wrote:
What does this warning mean and what is causing it?

> Dec 20 12:02:10 tc portsentry[540]: attackalert: Possible stealth scan
> from unknown host to TCP port: 111 (accept failed)

I get it when I run a 2.4 kernel but not when I run a 2.2 kernel so I
believe it's something internal to my system. There are hundreds of them
every hour.
That appears to be Portmapper. If you are not using it, disable it orremove it. Otherwise go into your Portsentry config and remove port111 from the list of ports Portsentry monitors.

Instead of removing the port from the list of ports being watched, you canalso add the host to portsentry.ignore if you think that best.

In mine, I have:

# IPs from /etc/portsentry/portsentry.ignore.static:
127.0.0.1
0.0.0.0
192.168.1.1

I am not sure why 0.0.0.0 is present and I believe it was added by debconfbut it doesn't seem to hurt.



--
Andrew

Reply to:

Follow-Ups:
- Re: warning message from portsentry
  - From: rick@niof.net

References:
- warning message from portsentry
  - From: rick@niof.net
- Re: warning message from portsentry
  - From: Pollywog <croak@shadypond.com>

Prev by Date: Re: print job gone bad--how to kill
Next by Date: XMMS bug
Previous by thread: Re: warning message from portsentry
Next by thread: Re: warning message from portsentry
Index(es):
- Date
- Thread