From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98) Description of problem: On startup, portsentry thinks it encounters a stealth port scan from an unknown source against port 80, and logs about 300,000 of these per minute, even if the machine isn't connected to a network. Here's the tail of the log file: Jun 3 14:05:59 unix5 last message repeated 74206 times Jun 3 14:05:59 unix5 login(pam_unix)[653]: session opened for user root by LOGIN(uid=0) Jun 3 14:05:59 unix5 portsentry[626]: attackalert: Possible stealth scan from unknown host to TCP port: 80 (accept failed) Jun 3 14:05:59 unix5 last message repeated 11 times Jun 3 14:05:59 unix5 -- root[653]: ROOT LOGIN ON tty1 Jun 3 14:05:59 unix5 portsentry[626]: attackalert: Possible stealth scan from unknown host to TCP port: 80 (accept failed) Jun 3 14:06:23 unix5 last message repeated 140710 times Jun 3 14:06:23 unix5 portsentry[630]: attackalert: Connect from host: cgbntpc.sunserver.com/208.42.108.24 to UDP port: 138 Jun 3 14:06:23 unix5 portsentry[626]: attackalert: Possible stealth scan from unknown host to TCP port: 80 (accept failed) Jun 3 14:06:54 unix5 last message repeated 186375 times How reproducible: Always Steps to Reproduce: 1.Install the RPM for portsentry 2. Reboot 3. Additional info:
I can't reproduce this using portsentry-1.0-11 from Powertools 7.1. Do you have this version/release of portsentry installed? If so, have you made any customizations to portsenty's config? Tim
I am closing this bug due to inactivity. Tim