[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] portsentry question

> I seem to have portsentry installed curtesy of a new RH7.1
> It is going bezerk about port 143.
> May 31 17:45:11 archimedes portsentry[3236]: attackalert: Possible stealth
> scan from unknown host to TCP port: 143 (accept failed)
> May 31 17:45:41 archimedes last message repeated 211631 times
> May 31 17:46:42 archimedes last message repeated 417977 times
> May 31 17:47:43 archimedes last message repeated 417348 times
> May 31 17:48:44 archimedes last message repeated 418007 times
> May 31 17:49:45 archimedes last message repeated 417566 times
> My other network indicators don't show any traffic that could support this
> kind of loading. It, of course, goes away when I tell portsentry to not
> look at 143.
> The docs are slim, no man page, website docs are minimal.
> I like the idea of portsentry, but right now it's eating an entire
> processor! Glad I've got 2 :)

I had this same problem a while back.  A different set
of ports were giving me problems.  And when I would have it ignore
one of them it would give me a new problematic one.  Finally
I was able to ignore 3 ports, but I never really solved the problem.

Portsentry worked fine for me under Caldera Open Linux 2.3
with 2.2.12 kernel, but I went to COL 2.4 I had problems
with it under both 2.2.14 and 2.4.0 kernels.  I didn't even
have to be connected to the network to experience the problem.

I only have one processor, so I had to just ignore the three ports
and have faith in my ipchains rules.

To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.