[FUGSPBR] crack pop
Dorian Bolivar
dbolivar em uol.com.br
Qua Maio 29 22:05:34 BRT 2002
On Wed, 2002-05-29 at 18:06, irado furioso com tudo wrote:
> :============= begin
> May 9 10:16:58 portsentry[19610]: attackalert: Host 200.155.0.114
> has been blocked via dropped route using command: "/sbin/ipchains -I
> input -s 200.155.0.114 -j DENY -l" May 9 10:16:58 portsentry[19610]:
> attackalert: Unknown/Illegal scan type: TCP Packet Flags: FIN 0 SYN: 0
> RST: 0 PUSH: 0 ACK: 1 URG: 0 UNUSED1: 0 UNUSED2: 0 scan from host
> 200.155.0.114/200.155.0.114 to TCP port: 1524 from TCP port: 80 May 9
> 10:16:58 portsentry[19610]: attackalert: Host: 200.229.133.210 is
> already blocked - Ignoring May 9 10:17:43 last message repeated 37
> times May 9 10:18:00 last message repeated 33 times
> May 9 10:18:02 portsentry[19610]: attackalert: Host 200.207.9.250
> has been blocked via wrappers with string: "ALL: 200.207.9.250" May 9
> 10:18:02 portsentry[19610]: attackalert: Host 200.207.9.250 has been
> blocked via dropped route using command: "/sbin/ipchains -I input -s
> 200.207.9.250 -j DENY -l" May 9 10:18:02 portsentry[19610]:
> attackalert: TCP SYN scan from host 200.207.9.250/200.207.9.250 to TCP
> port: 80 from TCP port: 1092:============= end
Mas isso parece que ele detectou foi um portscan (pelo visto, aquele
"stealth" - é o mesmo que "SYN scan"?), que é a utilidade principal do
PortSentry...
[]s,
Dorian
______________________________________________
http://www2.fugspbr.org/mailman/listinfo/fugspbr
Mais detalhes sobre a lista de discussão freebsd