[plug] How to stop scanning
Jon Miller
jlmiller at mmtnetworks.com.au
Thu Mar 4 08:10:32 WST 2004
In my /var/log/message file I'm seeing scanning attempts and portsentry to dropping the scan ip address. Is there a way to prevent these scans from happing in the first place? I ask because when portsentry kicks in it also seems to stop all outgoing traffic as we as incoming traffic.
example:
Mar 4 07:47:15 gateway portsentry[10336]: attackalert: TCP SYN/Normal scan from host: cae31-216-192.sc.rr.com/24.31.216.192 to TCP port: 135
Mar 4 07:47:15 gateway portsentry[10336]: attackalert: Host 24.31.216.192 has been blocked via dropped route using command: "/sbin/iptables -I INPUT -s 24.31.216.192 -j DROP"
Thanks
Jon L. Miller, MCNE, CNS, ASE
Director/Sr Systems Consultant
MMT Networks Pty Ltd
http://www.mmtnetworks.com.au
"I don't know the key to success, but the key to failure
is trying to please everybody." -Bill Cosby
More information about the plug
mailing list