[ale] portsentry question

Fulton Green ale at FultonGreen.com
Thu May 31 22:02:11 EDT 2001


'natch, port 143 is for the IMAP mailbox protocol.

Regardless, I have PortSentry 1.0 installed on Red Hat 7.1 (with Raw Hide
upgrades) and IMAP installed (though IMAP immediately closes any outside
attempt to connect). No probs. so far. Whoops, it's thundering outside, so
I've gotta go now ...

but it's disabled by default
On Thu, May 31, 2001 at 06:12:23PM -0400, Marc Vogt wrote:
> > I seem to have portsentry installed courtesy of a new RH7.1
> > 
> > It is going berserk about port 143.
> > 
> > May 31 17:45:11 archimedes portsentry[3236]: attackalert: Possible stealth
> > scan from unknown host to TCP port: 143 (accept failed)
> > May 31 17:45:41 archimedes last message repeated 211631 times
> > May 31 17:46:42 archimedes last message repeated 417977 times
> > May 31 17:47:43 archimedes last message repeated 417348 times
> > May 31 17:48:44 archimedes last message repeated 418007 times
> > May 31 17:49:45 archimedes last message repeated 417566 times
> > 
> > My other network indicators don't show any traffic that could support this
> > kind of loading. It, of course, goes away when I tell portsentry to not
> > look at 143.
> > 
> > The docs are slim, no man page, website docs are minimal.
> > 
> > I like the idea of portsentry, but right now it's eating an entire
> > processor! Glad I've got 2 :)
> > 
> 
> 
> I had this same problem a while back.  A different set
> of ports were giving me problems.  And when I would have it ignore
> one of them it would give me a new problematic one.  Finally
> I was able to ignore 3 ports, but I never really solved the problem.
> 
> Portsentry worked fine for me under Caldera Open Linux 2.3
> with 2.2.12 kernel, but when I went to COL 2.4 I had problems
> with it under both 2.2.14 and 2.4.0 kernels.  I didn't even
> have to be connected to the network to experience the problem.
> 
> I only have one processor, so I had to just ignore the three ports
> and have faith in my ipchains rules.
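
An added triage example, not part of the original thread and not PortSentry code: it expands syslog's "last message repeated N times" lines from the quoted report into an alert rate per second, the figure to compare against interface counters when deciding whether the alerts track real traffic. The function names, the 1000/s threshold and the year 2001 (taken from the post date) are assumptions.

```python
import re
from datetime import datetime

# Log lines copied from the quoted report above (the wrapped first entry joined).
SAMPLE = """\
May 31 17:45:11 archimedes portsentry[3236]: attackalert: Possible stealth scan from unknown host to TCP port: 143 (accept failed)
May 31 17:45:41 archimedes last message repeated 211631 times
May 31 17:46:42 archimedes last message repeated 417977 times
May 31 17:47:43 archimedes last message repeated 417348 times
May 31 17:48:44 archimedes last message repeated 418007 times
May 31 17:49:45 archimedes last message repeated 417566 times
"""

STAMP = r"(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) "
REPEAT = re.compile(STAMP + r"last message repeated (\d+) times$")
ENTRY = re.compile(STAMP + r"(\S+?)(?:\[\d+\])?: (.*)$")

def parse_time(text, year=2001):
    # Classic syslog timestamps carry no year; the caller has to supply one.
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def repeat_rates(log_text):
    """Return (program, message, window_seconds, count, per_second) per repeat line."""
    rates, last = [], None  # last = (time, program, message) of the preceding line
    for line in log_text.splitlines():
        line = line.strip()
        rep = REPEAT.match(line)
        if rep and last:
            when, count = parse_time(rep.group(1)), int(rep.group(3))
            window = (when - last[0]).total_seconds()
            if window > 0:  # skip same-second or out-of-order stamps
                rates.append((last[1], last[2], window, count, count / window))
            last = (when, last[1], last[2])  # the next repeat line counts from here
            continue
        ent = ENTRY.match(line)
        if ent:
            last = (parse_time(ent.group(1)), ent.group(3), ent.group(4))
    return rates

def runaway(rates, threshold=1000.0):
    """Keep the windows whose repeat rate meets the (assumed) threshold."""
    return [r for r in rates if r[4] >= threshold]

if __name__ == "__main__":
    for prog, msg, window, count, rate in runaway(repeat_rates(SAMPLE)):
        print(f"{prog}: {count} repeats in {window:.0f}s = {rate:,.0f}/s  {msg}")
```
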