Hi,
In my logs from yeasterday portsentery has "attackalert: Unknown Type" and
it seems like the blocking is not working the way it should -or maby it is.
Anyway under here there is a cut from the log, and i would be happy if
sombody new what kind of attack we are talking about?
"
Jun 20 10:52:36 www portsentry[1003]: attackalert: Unknown Type: Packet
Flags: SYN: 1 FIN: 1 ACK: 0 PSH: 0 URG: 0 RST: 0 from host:
195.101.179.1/195.101.179.1 to TCP port: 111
Jun 20 10:52:36 www portsentry[1003]: attackalert: Host 195.101.179.1 has
been blocked via wrappers with string: "ALL: 195.101.179.1"
Jun 20 10:52:36 www portsentry[1003]: attackalert: Unknown Type: Packet
Flags: SYN: 1 FIN: 1 ACK: 0 PSH: 0 URG: 0 RST: 0 from host:
195.101.179.1/195.101.179.1 to TCP port: 111
Jun 20 10:52:36 www portsentry[1003]: attackalert: Host:
195.101.179.1/195.101.179.1 is already blocked Ignoring
Jun 20 10:52:36 www portsentry[1003]: attackalert: Unknown Type: Packet
Flags: SYN: 1 FIN: 1 ACK: 0 PSH: 0 URG: 0 RST: 0 from host:
195.101.179.1/195.101.179.1 to TCP port: 111
Jun 20 10:52:36 www portsentry[1003]: attackalert: Host:
195.101.179.1/195.101.179.1 is already blocked Ignoring
"
The Ip resolves to:
195.101.179.0 - 195.101.179.7
netname: FR-MALESHERBES-PUBLICATION
descr: Malesherbes Publication
country: FR
admin-c: JG8800-RIPE
tech-c: JG8800-RIPE
status: ASSIGNED PA
notify: [EMAIL PROTECTED]
mnt-by: RAIN-TRANSPAC
changed: [EMAIL PROTECTED] 20010129
source: RIPE
(we are mainly hosting sites in Norwegian)
sincerely
Kai R
euroweb
norway
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
