[ale] portsentry question
- Subject: [ale] portsentry question
- From: mtv at theor.chemistry.gatech.edu (Marc Vogt)
- Date: Thu, 31 May 2001 18:12:23 -0400 (EDT)
> I seem to have portsentry installed courtesy of a new RH7.1
> It is going berserk about port 143.
> May 31 17:45:11 archimedes portsentry: attackalert: Possible stealth
> scan from unknown host to TCP port: 143 (accept failed)
> May 31 17:45:41 archimedes last message repeated 211631 times
> May 31 17:46:42 archimedes last message repeated 417977 times
> May 31 17:47:43 archimedes last message repeated 417348 times
> May 31 17:48:44 archimedes last message repeated 418007 times
> May 31 17:49:45 archimedes last message repeated 417566 times
> My other network indicators don't show any traffic that could support this
> kind of loading. It, of course, goes away when I tell portsentry to not
> look at 143.
> The docs are slim, no man page, website docs are minimal.
> I like the idea of portsentry, but right now it's eating an entire
> processor! Glad I've got 2 :)
I had this same problem a while back. A different set
of ports were giving me problems. And when I would have it ignore
one of them it would give me a new problematic one. Finally
I was able to ignore 3 ports, but I never really solved the problem.
Portsentry worked fine for me under Caldera Open Linux 2.3
with 2.2.12 kernel, but when I went to COL 2.4 I had problems
with it under both 2.2.14 and 2.4.0 kernels. I didn't even
have to be connected to the network to experience the problem.
I only have one processor, so I had to just ignore the three ports
and have faith in my ipchains rules.