Listing 1. An E-mailed Intrusion Attempt Detected by PortSentry and Parsed by Logcheck
Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Dec 4 10:41:18 hostname portsentry[17879]: attackalert: SYN/Normal scan from host: telephony.titg.com/216.29.146.2 to TCP port: 111
Dec 4 10:41:18 hostname portsentry[17879]: attackalert: Host 216.29.146.2 has been blocked via wrappers with string: "ALL: 216.29.146.2"
Dec 4 10:41:18 hostname portsentry[17879]: attackalert: Host 216.29.146.2 has been blocked via dropped route using command: "/sbin/ipchains -I input -s 216.29.146.2 -j DENY -l"
Dec 4 10:41:18 hostname portsentry[17879]: attackalert: SYN/Normal scan from host: telephony.titg.com/216.29.146.2 to TCP port: 111
Dec 4 10:41:18 hostname portsentry[17879]: attackalert: Host: telephony.titg.com/216.29.146.2 is already blocked Ignoring
Security Violations
=-=-=-=-=-=-=-=-=-=
Dec 4 10:41:18 hostname portsentry[17879]: attackalert: SYN/Normal scan from host: telephony.titg.com/216.29.146.2 to TCP port: 111
Dec 4 10:41:18 hostname portsentry[17879]: attackalert: Host 216.29.146.2 has been blocked via wrappers with string: "ALL: 216.29.146.2"
Dec 4 10:41:18 hostname portsentry[17879]: attackalert: Host 216.29.146.2 has been blocked via dropped route using command: "/sbin/ipchains -I input -s 216.29.146.2 -j DENY -l"
Dec 4 10:41:18 hostname portsentry[17879]: attackalert: SYN/Normal scan from host: telephony.titg.com/216.29.146.2 to TCP port: 111
Dec 4 10:41:18 hostname portsentry[17879]: attackalert: Host: telephony.titg.com/216.29.146.2 is already blocked Ignoring
Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Dec 4 10:41:18 hostname portsentry[17879]: attackalert: SYN/Normal scan from host: telephony.titg.com/216.29.146.2 to TCP port: 111
Dec 4 10:41:18 hostname portsentry[17879]: attackalert: Host 216.29.146.2 has been blocked via wrappers with string: "ALL: 216.29.146.2"
Dec 4 10:41:18 hostname portsentry[17879]: attackalert: Host 216.29.146.2 has been blocked via dropped route using command: "/sbin/ipchains -I input -s 216.29.146.2 -j DENY -l"
Dec 4 10:41:18 hostname portsentry[17879]: attackalert: SYN/Normal scan from host: telephony.titg.com/216.29.146.2 to TCP port: 111
Dec 4 10:41:18 hostname portsentry[17879]: attackalert: Host: telephony.titg.com/216.29.146.2 is already blocked Ignoring
Copyright © 1994 - 2019 Linux Journal. All rights reserved.