[Pluto-help] Possible intrusion?

Simone Deponti sim82 at tiscalinet.it
Sun 16 Dec 2001 22:34:39 CET


I'm no super-expert (read: "I'm a newbie"), but as far as I can tell some
guy tried to get into your system and was turned away by the
firewall.
----- Original Message -----
From: "Pfky" <project.uno at tiscalinet.it>
To: <pluto-help at lists.pluto.linux.it>
Sent: Sunday, December 16, 2001 12:26 PM
Subject: [Pluto-help] Possible intrusion?


> Today I had a look at the portsentry log and I'm a bit worried about
> what's written there:
>
> From the syslog:
>
> Dec 14 22:45:20 localhost portsentry[1243]: attackalert: TCP SYN/Normal scan from host: APuteaux-102-1-6-32.abo.wanadoo.fr/193.253.62.32 to TCP port: 21
> Dec 14 22:45:20 localhost portsentry[1243]: attackalert: Host 193.253.62.32 has been blocked via wrappers with string: "ALL: 193.253.62.32"
> Dec 14 22:45:22 localhost portsentry[1243]: attackalert: Host 193.253.62.32 has been blocked via dropped route using command: "/sbin/iptables -A INPUT -s 193.253.62.32 -j DROP"
> Dec 14 22:45:22 localhost portsentry[1243]: attackalert: TCP SYN/Normal scan from host: APuteaux-102-1-6-32.abo.wanadoo.fr/193.253.62.32 to TCP port: 21
> Dec 14 22:45:22 localhost portsentry[1243]: attackalert: Host: APuteaux-102-1-6-32.abo.wanadoo.fr/193.253.62.32 is already blocked Ignoring
> Dec 14 23:03:54 localhost portsentry[1243]: attackalert: TCP SYN/Normal scan from host: ASte-Genev-Bois-102-1-3-248.abo.wanadoo.fr/80.11.132.248 to TCP port: 21
> Dec 14 23:03:54 localhost portsentry[1243]: attackalert: Host 80.11.132.248 has been blocked via wrappers with string: "ALL: 80.11.132.248"
> Dec 14 23:03:55 localhost portsentry[1243]: attackalert: Host 80.11.132.248 has been blocked via dropped route using command: "/sbin/iptables -A INPUT -s 80.11.132.248 -j DROP"
> Dec 14 23:03:55 localhost portsentry[1243]: attackalert: TCP SYN/Normal scan from host: ASte-Genev-Bois-102-1-3-248.abo.wanadoo.fr/80.11.132.248 to TCP port: 21
> Dec 14 23:03:55 localhost portsentry[1243]: attackalert: Host: ASte-Genev-Bois-102-1-3-248.abo.wanadoo.fr/80.11.132.248 is already blocked Ignoring
> Dec 14 23:03:55 localhost portsentry[1243]: attackalert: TCP SYN/Normal scan from host: ASte-Genev-Bois-102-1-3-248.abo.wanadoo.fr/80.11.132.248 to TCP port: 21
> Dec 14 23:03:55 localhost portsentry[1243]: attackalert: Host: ASte-Genev-Bois-102-1-3-248.abo.wanadoo.fr/80.11.132.248 is already blocked Ignoring
>
> Can someone explain to me what's written above?
> Regards and thanks in advance,
>
>         Paolo
>
>
> _______________________________________________
> pluto-help mailing list
> pluto-help at lists.pluto.linux.it
> http://lists.pluto.linux.it/mailman/listinfo/pluto-help
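
To read the quoted log programmatically, the following added example (not part of the original thread, and not PortSentry's own code) groups the attackalert entries by source address and lists any host that was probed without a block being recorded. The regular expressions are assumptions based only on the line shapes shown in the post; the sample lines are the post's own entries with the e-mail wrapping undone.

```python
import re
from collections import defaultdict

P = "Dec 14 {} localhost portsentry[1243]: attackalert: "
A, B = "APuteaux-102-1-6-32.abo.wanadoo.fr/193.253.62.32", "ASte-Genev-Bois-102-1-3-248.abo.wanadoo.fr/80.11.132.248"
# Entries from the quoted post, rebuilt from their common prefix to keep the block short.
SAMPLE_LOG = "\n".join([
    P.format("22:45:20") + f"TCP SYN/Normal scan from host: {A} to TCP port: 21",
    P.format("22:45:20") + 'Host 193.253.62.32 has been blocked via wrappers with string: "ALL: 193.253.62.32"',
    P.format("22:45:22") + 'Host 193.253.62.32 has been blocked via dropped route using command: "/sbin/iptables -A INPUT -s 193.253.62.32 -j DROP"',
    P.format("22:45:22") + f"TCP SYN/Normal scan from host: {A} to TCP port: 21",
    P.format("22:45:22") + f"Host: {A} is already blocked Ignoring",
    P.format("23:03:54") + f"TCP SYN/Normal scan from host: {B} to TCP port: 21",
    P.format("23:03:54") + 'Host 80.11.132.248 has been blocked via wrappers with string: "ALL: 80.11.132.248"',
    P.format("23:03:55") + 'Host 80.11.132.248 has been blocked via dropped route using command: "/sbin/iptables -A INPUT -s 80.11.132.248 -j DROP"',
    P.format("23:03:55") + f"TCP SYN/Normal scan from host: {B} to TCP port: 21",
    P.format("23:03:55") + f"Host: {B} is already blocked Ignoring",
    P.format("23:03:55") + f"TCP SYN/Normal scan from host: {B} to TCP port: 21",
    P.format("23:03:55") + f"Host: {B} is already blocked Ignoring",
])

# Assumed patterns, one per message shape seen in the post.
SCAN = re.compile(r"attackalert: .+? scan from host: \S+/(?P<ip>[\d.]+) to (?P<proto>TCP|UDP) port: (?P<port>\d+)")
WRAP = re.compile(r"attackalert: Host (?P<ip>[\d.]+) has been blocked via wrappers")
ROUTE = re.compile(r'attackalert: Host (?P<ip>[\d.]+) has been blocked via dropped route using command: "(?P<cmd>[^"]+)"')
DUP = re.compile(r"attackalert: Host: \S+/(?P<ip>[\d.]+) is already blocked")

def summarize(log):
    """Per source IP: probe count, probed ports, and which block actions were logged."""
    hosts = defaultdict(lambda: {"probes": 0, "ports": set(), "wrappers": False,
                                 "route_cmd": None, "ignored": 0})
    for line in log.splitlines():
        if m := SCAN.search(line):
            hosts[m["ip"]]["probes"] += 1
            hosts[m["ip"]]["ports"].add((m["proto"], int(m["port"])))
        elif m := WRAP.search(line):
            hosts[m["ip"]]["wrappers"] = True      # TCP wrappers deny entry added
        elif m := ROUTE.search(line):
            hosts[m["ip"]]["route_cmd"] = m["cmd"]  # packet-filter rule that was run
        elif m := DUP.search(line):
            hosts[m["ip"]]["ignored"] += 1          # repeat probe from a blocked host
    return dict(hosts)

def unblocked(summary):
    """Hosts that probed a port but have no block action in the log: worth a closer look."""
    return sorted(ip for ip, h in summary.items()
                  if h["probes"] and not (h["wrappers"] or h["route_cmd"]))

if __name__ == "__main__":
    for ip, h in summarize(SAMPLE_LOG).items():
        print(ip, h)
```

On the log from the post, both source addresses show probes of TCP port 21 only, each followed by a wrappers entry and an iptables DROP rule, and `unblocked` returns an empty list.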




