On Wed, May 16, 2012 at 11:37 AM, Aubertin, Charles E
<cauber...@usbr.gov> wrote:
>
> Apologies. I am resubmitting this question as a member. Thanx
>
>
>
> We are using OpenNMS to monitor some switches and firewalls on our GDACS 
> system. OpenNMS then reports to ELM, (Event Log Management by TnT). ELM is 
> reporting what appears to be numerous port scans on these systems by OpenNMS. 
> The error message looks like this:
>
> "kernel: Shorewall:ext2int:DROP:IN=eth1 OUT=eth2 SRC=10.x.x.1 DST=10.x.x.2 
> LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=27821 DF PROTO=TCP SPT=3313 DPT=23 
> WINDOW=65535 RES=0x00 SYN URGP=0".
>
> This message is reporting in ELM and it references OpenNMS by the 
> SRC=10.x.x.1 address which belongs to OpenNMS. We believe it is a port scan 
> because the next message will have different port values in the SPT= and 
> DPT=, such as 20, 21, 23, 443, 8080,...etc.
>
> Has anyone seen this before? If so, is there a way to shut port scanning off, 
> (or whatever it is), in OpenNMS? It is not really telling us much of anything
> and is really cluttering up our ELM. Thanx

OpenNMS will periodically rescan for the services configured in
capsd-configuration.xml trying to discover the things it should
monitor. I don't think you can stop this from happening even if you
have explicitly configured that service as unmanaged on a given
interface.

---
   Les Mikesell
     lesmikes...@gmail.com
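
Added example, not part of either message above: one way to triage these Shorewall DROP lines in a log pipeline is to group the dropped bare-SYN packets by source and destination, collect the distinct DPT values, and label a known monitoring station as expected discovery instead of a possible scan. The function names, the three-port threshold, the `monitors` set and the sample addresses are assumptions constructed for this example.

```python
import re
from collections import defaultdict

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):(?P<rest>.*)")

def parse_line(line):
    """Split one Shorewall log line into chain, action, KEY=VALUE fields and bare flags."""
    m = PREFIX.search(line)
    if not m:
        return None
    tokens = m["rest"].split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    flags = {t for t in tokens if "=" not in t}  # e.g. DF, SYN, ACK
    return {"chain": m["chain"], "action": m["action"], "fields": fields, "flags": flags}

def classify_sources(lines, monitors, min_ports=3):
    """Group dropped bare-SYN packets by (SRC, DST) and label each pair."""
    ports = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["action"] != "DROP":
            continue
        f, flags = rec["fields"], rec["flags"]
        if f.get("PROTO") != "TCP" or "SYN" not in flags or "ACK" in flags:
            continue  # only new connection attempts count as probes
        if not all(k in f for k in ("SRC", "DST", "DPT")):
            continue  # truncated line
        ports[(f["SRC"], f["DST"])].add(int(f["DPT"]))
    report = {}
    for (src, dst), dpts in ports.items():
        if len(dpts) < min_ports:
            label = "below-threshold"
        elif src in monitors:
            label = "expected-discovery"  # known monitoring station, e.g. the OpenNMS host
        else:
            label = "possible-scan"
        report[(src, dst)] = (label, sorted(dpts))
    return report

# Constructed sample input in the format quoted above; addresses are made up.
TEMPLATE = ("kernel: Shorewall:ext2int:DROP:IN=eth1 OUT=eth2 SRC={src} DST=10.0.0.2 "
            "LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=27821 DF PROTO=TCP SPT=3313 "
            "DPT={dpt} WINDOW=65535 RES=0x00 SYN URGP=0")
SAMPLE = ([TEMPLATE.format(src="10.0.0.1", dpt=p) for p in (20, 21, 23, 443, 8080)]
          + [TEMPLATE.format(src="10.0.0.77", dpt=p) for p in (22, 23, 3389)]
          + [TEMPLATE.format(src="10.0.0.50", dpt=23), "not a firewall line"])

if __name__ == "__main__":
    for pair, result in classify_sources(SAMPLE, monitors={"10.0.0.1"}).items():
        print(pair, result)
```

Labelling the monitoring station rather than discarding its lines keeps the events available for review if that host ever starts probing ports outside its configured service list.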

opennms-devel mailing list