I installed PortSentry on our RedHat 7.2 Linux e-mail server. It has been chugging along, even under what appear to be DDOS attacks. Can anyone here tell me if the following log entries from messages are a DDOS? Check this out from my log:

Jan 27 04:02:01 mail portsentry[1021]: attackalert: Possible stealth scan from unkown host to Port: 80 (accept failed)
Jan 27 04:02:31 mail last message repeated 363307 times
Jan 27 04:03:32 mail last message repeated 837260 times
Jan 27 04:04:33 mail last message repeated 840480 times
Jan 27 04:05:35 mail last message repeated 839566 times
Jan 27 04:06:35 mail last message repeated 841096 times
Jan 27 04:07:37 mail last message repeated 840128 times
Jan 27 04:08:38 mail last message repeated 842474 times
Jan 27 04:09:38 mail last message repeated 840415 times

ad nauseam. As a side note, this attack is still going on. Any ideas? I've been trying to get a hold of UUNet/Worldcom, who is our ISP, to no avail.

Thanks for any advice.

Jim Swanson