search for: portscanned

Hi all, I appologise in advance if this is a little OT, but I am building a box that will serve as firewall and router for a small ''internet cafe / netcafe'' and am using CentOS... So here it is: What are the best tools to be used for keeping the potential script kiddies from ''harming the Internet'' :) ? I specifically want to be able to detect and prevent

Anything to do about portscans? Is there any way (should I) to see if the connection is a legit (only SIP currently) connection BEFORE my * answers? [2007-10-17 19:23:46] WARNING[4191]: chan_sip.c:6624 determine_firstline_parts: Bad request protocol 01@<ASTERISK_IP> SIP/2.0 -- Executing [s at default:1] Answer("SIP/sip.jmg.se-081dd730", "") in new stack [2007-10-17

Hello, i use shorewall for a very long time (2 years or so) and i use it for nat and as firewall....i now use portsentrys to detect portscans but there is one problem...i use the HOWTO from the shorewall mailing list to make portsentry and shorewall work together....but there is one prob portscans get detected and a drop rule is added to shorewall for example shorewall drop 62.178.xxx.xx

----- Forwarded message from Louis Kowolowski <louisk@bend.com> ----- Date: Thu, 28 Aug 2003 11:37:42 -0700 From: Louis Kowolowski <louisk@bend.com> To: freebsd-security@freebsd.org Subject: snort, postgres, bridge User-Agent: Mutt/1.5.4i I've been prowling through the FreeBSD and Snort list archives in search of information on setting up snort on a FreeBSD bridge(4) that logs

--nextPart2699335.H7BBWTdPIb Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Hello :) After upgrading recently from Woody to Sarge (which went fairly well) I now= =20 have trouble with logcheck. I have been unable to track down a solution. Logcheck runs perfectly through the week until Sunday when logrotate does

Heya.. Yesterday someone "attacked" by box by connection to several ports.. In other words, a simple portscan.. yet, since my box has "log_in_vain" enabled, so it tries to log everything to /var/log/messages, since the logfile got full and the size went over 100K, it tried to rotate the log to save diskspace. (Apr 16 21:00:00 omikron newsyslog[32137]: logfile turned over due

xen-3.0.3-94.el5_4.2 2.6.18-164.6.1.el5xen RHEL5.4 x86_64 I''ve got a dom0 that does nothing but have a DomU created. The DomU gets plenty of load. Over time, the dom0''s ipconntrack table fills up but not the DomU. Once it gets full I can restart iptables and it''s fine. The strange thing is this only happens on hosts I have provided (hardware and hosting) from one

------- BEGIN FORWARDED MESSAGE ------- From: g.pardon@pi.be To: teastep@shorewall.net Cc: Subject: Re: [Shorewall-users] Open ports How am I testing this? I''m doing a portscan using a portscanner like GFI Languard, Superscanner and nmap to check. Those two TCP-ports always showed up. Although, I think there are other to test it. I read the FAQ and the phenomenon (where is that

Hello, I've got samba running on a FreeBSD box that has two interfaces, ep0 which is an external interface, and ep1 which is for internal use only. I only want samba to listen on ep1 so if i'm ever portscanned port 137/139 will not show up as open on the external interface. I've added these lines to the global section of my smb.conf file: hosts allow=192.168.0. interfaces=192.168.0.0/16 127.0.0.1 bind interfaces only=yes yet when i restart samba port 139 is still showing as open on my external interf...

...tch port like the Windows boxes. The firewall has the same interface defined as the inside port and the outside port. But the YAST GUI for configuring Samba has a checkbox for opening all appropriate firewall ports, and I did that. I went back to check and it's still checked. For grins, I portscanned tolkien. TCP ports open are: 21, 22, 25, 110, 139, 445. UDP ports: None. I tried this: net use k: \\172.20.0.5\archive It works! Well, almost. It prompts for username and password, and username and pw I use to login at the linux box doesn't work. "root" with his password works....

I made the following adjustments to /etc/shorewall/common.def (1.3.13 with all relevant patches). ############################################################################ # Shorewall 1.3 -- /etc/shorewall/common.def # # This file defines the rules that are applied before a policy of # DROP or REJECT is applied. In addition to the rules defined in this file, # the firewall will also define a

-=> To moderator: I don't know whether it's wise to release the FTP-location I would recommend everyone to just look over their daemons, and run something like nessus against theirselves... Greetings, Jan-Philip Velders ---------- Forwarded message ---------- Date: Thu, 25 Mar 1999 16:26:59 -0700 From: "Ben Cantrick (Macky Stingray)" <mackys@MACKY.RONIN.NET> To:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello: I've configured a Linux box with Samba to act as a secondary domain controller for an existing NT server. I've gotten everything working very nicely, all my file shares set up, etc. I've got 6 printers that I need to set up as print shares. The ones that speak Postscript or PCL were very easy to set up, and work admirably.

On Sat, 29 May 2004 12:00:52 -0700 (PDT), <freebsd-security-request@freebsd.org> wrote: Hello ! Today i see in snort logs : [**] [1:528:4] BAD-TRAFFIC loopback traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] 06/07-09:44:39.044590 127.0.0.1:80 -> 10.6.148.173:1566 TCP TTL:128 TOS:0x0 ID:577 IpLen:20 DgmLen:40 ***A*R** Seq: 0x0 Ack: 0x75830001 Win: 0x0 TcpLen:

Hi everyone, today I got an e-mail from a company claiming that my server is doing port scans on their firewall machine. I found that hard to believe so I started checking the box. The company rep told me that the scan was originating at port 80 with destination port 8254 on their machine. I couldn't find any hints as to why that computer was subject to the alleged port scans. Searching

Hi, first i must tell you, that my english is not the best, i hav learned my english from manpages and documentation. Please excuse this. I have setted up a Box w/FreeBSD 4.7-RELEASE for connecting to the w3 through an DSL/ATM-Connection. Now i know the stateful handling of firewall-rules under linux with iptables.In the second i have understand that FreeBSD comes with the netfilter-extensions.

Just dropping a note, I've built CentOS4 friendly RPMs (as well as RHEL4 and FC4) of two of my favourite tools, PortSentry and ProFTPd: ftp://ftp.pbone.net/mirror/ftp.falsehope.net/home/tengel/portsentry/CentOS4/ ftp://ftp.pbone.net/mirror/ftp.falsehope.net/home/tengel/proftpd/CentOS4/ PortSentry is built using the last known (RedHat 9 based) SPEC/patches from FreshRPMS, updated to apply

Guys, I've downloaded AsteriskNOW few days ago so I'm new to this product. The first issue is on service provider area. I've already used a VoIP account already configured with my ISP, it works fine! This configuration has been used until now with the client SJphone, Now I would use this profile as main VoIP service provider to setup in AsteriskNOW. Here are the profile detail as

I have the firewall turned on my CentOS 5 box, but GRC is reporting that 631 is closed instead of stealthed. If the firewall isn't configured to allow that, then why might that be happening? Miark

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=78 Summary: -m psd -j TARPIT returns all ports open from nmap Product: iptables userspace Version: unspecified Platform: i386 OS/Version: RedHat Linux Status: NEW Severity: normal Priority: P2 Component: unknown AssignedTo: