Date: Thu, 22 Feb 2001 13:39:00 -0800
From: Kris Kennaway
To: Brent
Cc: stable@freebsd.org
Subject: Re: strange port activity
Message-ID: <20010222133900.A7570@mollari.cthul.hu>

On Thu, Feb 22, 2001 at 04:23:19PM -0500, Brent wrote:

> i just cvsup my and did make world & kernel...--mergemaster...all is
> good....so just to tighten things up a bit ..i installed portsentry from the
> ports collection...installed without a prob...the FreeBSD box is on a very
> large internal network ( its our LAN resource machine) it runs a bunch of
> company mailing lists ..as well as a web server among other things BUT I
> DON'T HAVE SAMBA installed....my question is this....i port scanned the
> machine from another machine on the network...just to see what would
> happen...and sure enough it mailed me...letting me know what's up.....THE
> THING IS..it says it's being scanned by 12 other machines on the network (i
> know for fact it really isnt) ..ALL on port 161 what the heck runs on
> port 161 ????

more /etc/services
...
snmp 161/tcp
snmp 161/udp
...

I'm not sure why you mentioned SAMBA. I think you're being confused by
portsentry telling you your machine is "being portscanned" when really
it's just some routers or management nodes trying to connect to the SNMP
service on your machine for management purposes.

It's the same problem which causes people with Windows "personal
firewall" software to go to red alert when they see a remote system
returning an ICMP Unreachable packet at them, because the software is
too trigger-happy and tells them they're being hacked.

Kris
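The distinction drawn in the reply above (many hosts contacting one service port versus one host walking many ports) can be checked mechanically; this is an added example, not part of the original message and not portsentry's own code. The log lines are constructed, and the `attackalert` line layout, host names, addresses and the three-port threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample alerts. The "attackalert: ... from host: A/B to PROTO port: N"
# layout is an assumption based on portsentry's usual syslog messages.
SAMPLE_LOG = """\
Feb 22 16:01:02 lanbox portsentry[211]: attackalert: Connect from host: 10.1.1.11/10.1.1.11 to UDP port: 161
Feb 22 16:01:09 lanbox portsentry[211]: attackalert: Connect from host: 10.1.1.12/10.1.1.12 to UDP port: 161
Feb 22 16:02:02 lanbox portsentry[211]: attackalert: Connect from host: 10.1.1.11/10.1.1.11 to UDP port: 161
Feb 22 16:02:30 lanbox portsentry[211]: attackalert: Connect from host: 10.1.1.13/10.1.1.13 to UDP port: 161
Feb 22 16:05:40 lanbox portsentry[209]: attackalert: Connect from host: 10.1.1.99/10.1.1.99 to TCP port: 23
Feb 22 16:05:40 lanbox portsentry[209]: attackalert: Connect from host: 10.1.1.99/10.1.1.99 to TCP port: 79
Feb 22 16:05:41 lanbox portsentry[209]: attackalert: Connect from host: 10.1.1.99/10.1.1.99 to TCP port: 111
Feb 22 16:05:41 lanbox portsentry[209]: attackalert: Connect from host: 10.1.1.99/10.1.1.99 to TCP port: 143
"""

ALERT = re.compile(r"attackalert: .*?from host: ([^/\s]+)/\S+ to (TCP|UDP) port: (\d+)")


def ports_by_source(log_text):
    """Map each alerting source address to the set of (proto, port) it touched."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = ALERT.search(line)
        if m:
            seen[m.group(1)].add((m.group(2), int(m.group(3))))
    return dict(seen)


def triage(log_text, scan_ports=3):
    """Return (likely scanners, {(proto, port): [single-service sources]}).
    A scan is one source walking many ports; management polling is many
    sources returning to the same port (e.g. 161, SNMP)."""
    scanners, services = [], defaultdict(list)
    for src, ports in sorted(ports_by_source(log_text).items()):
        if len(ports) >= scan_ports:
            scanners.append(src)
        else:
            for proto_port in ports:
                services[proto_port].append(src)
    return scanners, dict(services)


if __name__ == "__main__":
    scanners, services = triage(SAMPLE_LOG)
    print("likely scans:", scanners)
    for (proto, port), srcs in sorted(services.items()):
        print(f"{port}/{proto.lower()} contacted by {len(srcs)} hosts: {', '.join(srcs)}")
```

Sources that land in the second group are the ones to compare against the list of known routers and management stations before treating the alert as hostile.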