LJ Archive

Listing 1. An E-mailed Intrusion Attempt Detected by PortSentry and Parsed by Logcheck


Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Dec  4 10:41:18 hostname portsentry[17879]: attackalert: SYN/Normal scan from host: telephony.titg.com/216.29.146.2 to TCP port: 111
Dec  4 10:41:18 hostname portsentry[17879]: attackalert: Host 216.29.146.2 has been blocked via wrappers with string: "ALL: 216.29.146.2"
Dec  4 10:41:18 hostname portsentry[17879]: attackalert: Host 216.29.146.2 has been blocked via dropped route using command: "/sbin/ipchains -I input -s 216.29.146.2 -j DENY -l"
Dec  4 10:41:18 hostname portsentry[17879]: attackalert: SYN/Normal scan from host: telephony.titg.com/216.29.146.2 to TCP port: 111
Dec  4 10:41:18 hostname portsentry[17879]: attackalert: Host: telephony.titg.com/216.29.146.2 is already blocked Ignoring

Security Violations
=-=-=-=-=-=-=-=-=-=
Dec  4 10:41:18 hostname portsentry[17879]: attackalert: SYN/Normal scan from host: telephony.titg.com/216.29.146.2 to TCP port: 111
Dec  4 10:41:18 hostname portsentry[17879]: attackalert: Host 216.29.146.2 has been blocked via wrappers with string: "ALL: 216.29.146.2"
Dec  4 10:41:18 hostname portsentry[17879]: attackalert: Host 216.29.146.2 has been blocked via dropped route using command: "/sbin/ipchains -I input -s 216.29.146.2 -j DENY -l"
Dec  4 10:41:18 hostname portsentry[17879]: attackalert: SYN/Normal scan from host: telephony.titg.com/216.29.146.2 to TCP port: 111
Dec  4 10:41:18 hostname portsentry[17879]: attackalert: Host: telephony.titg.com/216.29.146.2 is already blocked Ignoring

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Dec  4 10:41:18 hostname portsentry[17879]: attackalert: SYN/Normal scan from host: telephony.titg.com/216.29.146.2 to TCP port: 111
Dec  4 10:41:18 hostname portsentry[17879]: attackalert: Host 216.29.146.2 has been blocked via wrappers with string: "ALL: 216.29.146.2"
Dec  4 10:41:18 hostname portsentry[17879]: attackalert: Host 216.29.146.2 has been blocked via dropped route using command: "/sbin/ipchains -I input -s 216.29.146.2 -j DENY -l"
Dec  4 10:41:18 hostname portsentry[17879]: attackalert: SYN/Normal scan from host: telephony.titg.com/216.29.146.2 to TCP port: 111
Dec  4 10:41:18 hostname portsentry[17879]: attackalert: Host: telephony.titg.com/216.29.146.2 is already blocked Ignoring
