[Pluto-help] Possibile intrusione ?

Pfky project.uno a tiscalinet.it
Dom 16 Dic 2001 12:26:17 CET 

Oggi ho dato un'occhiata al log del portsentry e sono un po' preoccupato x 
quello che c'è scritto:

Dal syslog:

Dec 14 22:45:20 localhost portsentry[1243]: attackalert: TCP SYN/Normal scan 
from host: APuteaux-102-1-6-32.abo.wanadoo.fr/193.253.62.32 to TCP port: 21 
Dec 14 22:45:20 localhost portsentry[1243]: attackalert: Host 193.253.62.32 
has been blocked via wrappers with string: "ALL: 193.253.62.32" 
Dec 14 22:45:22 localhost portsentry[1243]: attackalert: Host 193.253.62.32 
has been blocked via dropped route using command: "/sbin/iptables -A INPUT -s 
193.253.62.32 -j DROP" 
Dec 14 22:45:22 localhost portsentry[1243]: attackalert: TCP SYN/Normal scan 
from host: APuteaux-102-1-6-32.abo.wanadoo.fr/193.253.62.32 to TCP port: 21 
Dec 14 22:45:22 localhost portsentry[1243]: attackalert: Host: 
APuteaux-102-1-6-32.abo.wanadoo.fr/193.253.62.32 is already blocked Ignoring 
Dec 14 23:03:54 localhost portsentry[1243]: attackalert: TCP SYN/Normal scan 
from host: ASte-Genev-Bois-102-1-3-248.abo.wanadoo.fr/80.11.132.248 to TCP 
port: 21 
Dec 14 23:03:54 localhost portsentry[1243]: attackalert: Host 80.11.132.248 
has been blocked via wrappers with string: "ALL: 80.11.132.248" 
Dec 14 23:03:55 localhost portsentry[1243]: attackalert: Host 80.11.132.248 
has been blocked via dropped route using command: "/sbin/iptables -A INPUT -s 
80.11.132.248 -j DROP" 
Dec 14 23:03:55 localhost portsentry[1243]: attackalert: TCP SYN/Normal scan 
from host: ASte-Genev-Bois-102-1-3-248.abo.wanadoo.fr/80.11.132.248 to TCP 
port: 21 
Dec 14 23:03:55 localhost portsentry[1243]: attackalert: Host: 
ASte-Genev-Bois-102-1-3-248.abo.wanadoo.fr/80.11.132.248 is already blocked 
Ignoring 
Dec 14 23:03:55 localhost portsentry[1243]: attackalert: TCP SYN/Normal scan 
from host: ASte-Genev-Bois-102-1-3-248.abo.wanadoo.fr/80.11.132.248 to TCP 
port: 21 
Dec 14 23:03:55 localhost portsentry[1243]: attackalert: Host: 
ASte-Genev-Bois-102-1-3-248.abo.wanadoo.fr/80.11.132.248 is already blocked 
Ignoring 

C'è qualcuno che può spiegarmi quello che c'è scritto sopra?
Saluti e grazie in anticipo,

        Paolo

More information about the pluto-help mailing list