Apologies. I am resubmitting this question as a member. Thanx

We are using OpenNMS to monitor some switches and firewalls on our GDACS 
system. OpenNMS then reports to ELM, (Event Log Management by TnT). ELM is 
reporting what appears to be numerous port scans on these systems by OpenNMS. 
The error message looks like this:

"kernel: Shorewall:ext2int:DROP:IN=eth1 OUT=eth2 SRC=10.x.x.1 DST=10.x.x.2 
LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=27821 DF PROTO=TCP SPT=3313 DPT=23 
WINDOW=65535 RES=0x00 SYN URGP=0".

This message is reporting in ELM and it references OpenNMS by the SRC=10.x.x.1 
address which belongs to OpenNMS. We believe it is a port scan because the next 
message will have different port values in the SPT= and DPT=, such as 20, 21, 
23, 443, 8080,...etc.

Has anyone seen this before? If so, is there a way to shut port scanning off 
(or whatever it is) in OpenNMS? It is not really telling us much of anything 
and is really cluttering up our ELM. Thanx

_______________________________________________________
☻ Chad Aubertin IT Specialist (SYSANALYSIS)
U.S. Bureau of Reclamation
Grand Coulee Dam
cauber...@usbr.gov
www.usbr.gov
Phone: 1.509.633.9167
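
An added example, not part of the original post and not OpenNMS or Shorewall code: a small Python triage script that parses Shorewall DROP lines in the format quoted above and lists each source/destination pair whose dropped TCP SYNs span several distinct DPT values, the pattern the post describes. The sample lines, the addresses in them and the `min_ports` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Log prefix as quoted in the post: Shorewall:<chain>:<action>:
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[A-Z]+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")          # KEY=value pairs (value may be empty)
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "DF"}  # bare tokens in the line

def parse_line(line):
    """Return a dict of fields for a Shorewall log line, or None for other lines."""
    m = PREFIX.search(line)
    if not m:
        return None
    rest = line[m.end():]
    rec = dict(FIELD.findall(rest))
    rec["chain"], rec["action"] = m["chain"], m["action"]
    rec["flags"] = {tok for tok in rest.split() if tok in FLAGS}
    return rec

def sweep_candidates(lines, min_ports=4):
    """Map (SRC, DST) -> sorted distinct DPTs for dropped TCP SYNs, keeping
    only pairs that touched at least min_ports different ports."""
    ports = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["action"] != "DROP" or rec.get("PROTO") != "TCP":
            continue
        if "SYN" not in rec["flags"] or not rec.get("DPT", "").isdigit():
            continue
        if "SRC" in rec and "DST" in rec:
            ports[(rec["SRC"], rec["DST"])].add(int(rec["DPT"]))
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}

# Constructed sample input (addresses, IDs and ports are made up).
TEMPLATE = ("kernel: Shorewall:ext2int:DROP:IN=eth1 OUT=eth2 SRC={src} DST={dst} "
            "LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID={id} DF PROTO=TCP SPT={spt} "
            "DPT={dpt} WINDOW=65535 RES=0x00 SYN URGP=0")
SAMPLE = [TEMPLATE.format(src="10.0.0.1", dst="10.0.0.2", id=27821 + i,
                          spt=3313 + i, dpt=d)
          for i, d in enumerate([23, 20, 21, 443, 8080])]
# One host retrying a single port repeatedly: many drops, but not a sweep.
SAMPLE += [TEMPLATE.format(src="10.0.0.9", dst="10.0.0.2", id=100 + i,
                           spt=4000 + i, dpt=23) for i in range(3)]
SAMPLE.append("kernel: eth1: link up")  # unrelated line, ignored

if __name__ == "__main__":
    for (src, dst), dpts in sweep_candidates(SAMPLE).items():
        print(f"{src} -> {dst}: dropped SYNs to ports {dpts}")
```

Counting distinct destination ports rather than raw drops separates a sweep across ports from one client retrying a single blocked port.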

opennms-devel mailing list