[sclug] External command run for host: using command: "echo \
Tim Sutton
tim at linfiniti.com
Fri Dec 30 12:04:36 UTC 2005
Hi All
I regularly get breakin attempts on my webserver with the following log
messages (see below). I believe the breakins are being foiled by
portsentry but would like to
a) make sure no permament damage is being done
b) block these probes as effectively as possible (blocking the host etc)
c) generally understand what is going on here...
Any tips will be appreciated.
Regards
Tim
Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Dec 29 14:06:42 foohost portsentry[1049]: attackalert: UDP scan from
host: f09m-213-44-216-15.d1.club-internet.fr/213.44.216.15 to UDP port: 80
Dec 29 14:06:42 foohost portsentry[1049]: attackalert: Host
213.44.216.15 has been blocked via wrappers with string: "ALL:
213.44.216.15"
Dec 29 14:06:42 foohost portsentry[1049]: attackalert: Host
213.44.216.15 has been blocked via dropped route using command:
"/sbin/route add -host 213.44.216.15 reject"
Dec 29 14:06:42 foohost portsentry[1049]: attackalert: External command
run for host: 213.44.216.15 using command: "echo \"
--
Tim Sutton (tim at linfiniti.com)
Visit http://qgis.org for a great open source GIS application
Skype : timlinux
Jabber : timlinux at jabber.org
MSN : tim_bdworld at msn.com
ICQ : 245485851
More information about the Sclug
mailing list