-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday 23 February 2003 08:39 pm, Thomas E. Dukes wrote:
> Feb 23 16:24:07 localhost portsentry[983]: attackalert: Possible > stealth scan from unknown host to TCP port: 111 (accept failed) > Feb 23 16:24:37 localhost last message repeated 160240 times > Feb 23 16:25:38 localhost last message repeated 316834 times > Feb 23 16:26:24 localhost last message repeated 236839 times > Feb 23 16:26:24 localhost samba(pam_unix)[1666]: session closed for > user edukes > Feb 23 16:26:24 localhost portsentry[983]: attackalert: Possible > stealth scan from unknown host to TCP port: 111 (accept failed) > Feb 23 16:26:54 localhost last message repeated 164387 times > Feb 23 16:27:56 localhost last message repeated 326772 times > > These are the last two entries prior to the beginning of these strange > entries. I installed portsenrty today but samba has been installed for > a while. I un-installed porsentry, but it didn't stop the repeated log > entries. It may be something with samba but I checked previous > messages logs and didn't see these occurrences. The timing looks about right on the portsentry entries. Did you install portsentry via rpm? Did the uninstall stop the portsentry daemon? My best guess is that portsentry is responsible, and is still running. How about the output of ps ax|grep sentry Failing that, perhaps the log entries from before the start of those you included: Feb 23 16:23:53 localhost last message repeated 326713 times Feb 23 16:24:07 localhost last message repeated 70915 times Feb 23 16:24:07 localhost samba(pam_unix)[1666]: session opened for user Perhaps even going back to the messages logged when portsentry starts up? - -- - -Michael pgp key: http://www.tuxfan.homeip.net:8080/gpgkey.txt Red Hat Linux 7.{2,3}|8.0 in 8M of RAM: http://www.rule-project.org/ - -- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+WYC1n/07WoAb/SsRAuVfAJ4/zVV/pjIzVA2uKfqSgKKIajhFogCeNanW Om4rFmgsalgeyv2ZrSWar0g= =39WN -----END PGP SIGNATURE----- -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
