Bug 43357 - portsentry works properly under 7.0 and has a race condition under 7.1
portsentry works properly under 7.0 and has a race condition under 7.1
Status: CLOSED WORKSFORME
Product: Red Hat Powertools
Classification: Retired
Component: portsentry (Show other bugs)
7.1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Tim Powers
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-06-03 15:52 EDT by Need Real Name
Modified: 2008-05-01 11:38 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-06-04 09:31:43 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2001-06-03 15:52:06 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)

Description of problem:
On startup, portsentry thinks it encounters a stealth port scan from an 
unknown source against port 80, and logs about 300,000 of these per 
minute, even if the machine isn't connected to a network. Here's the tail 
of the log file:

Jun  3 14:05:59 unix5 last message repeated 74206 times
Jun  3 14:05:59 unix5 login(pam_unix)[653]: session opened for user root 
by LOGIN(uid=0)
Jun  3 14:05:59 unix5 portsentry[626]: attackalert: Possible stealth scan 
from unknown host to TCP port: 80 (accept failed)
Jun  3 14:05:59 unix5 last message repeated 11 times
Jun  3 14:05:59 unix5  -- root[653]: ROOT LOGIN ON tty1
Jun  3 14:05:59 unix5 portsentry[626]: attackalert: Possible stealth scan 
from unknown host to TCP port: 80 (accept failed)
Jun  3 14:06:23 unix5 last message repeated 140710 times
Jun  3 14:06:23 unix5 portsentry[630]: attackalert: Connect from host: 
cgbntpc.sunserver.com/208.42.108.24 to UDP port: 138
Jun  3 14:06:23 unix5 portsentry[626]: attackalert: Possible stealth scan 
from unknown host to TCP port: 80 (accept failed)
Jun  3 14:06:54 unix5 last message repeated 186375 times


How reproducible:
Always

Steps to Reproduce:
1.Install the RPM for portsentry
2. Reboot
3.
	

Additional info:
Comment 1 Tim Powers 2001-06-04 09:31:39 EDT
I can't reproduce this using portsentry-1.0-11 from Powertools 7.1. Do you have
this version/release of portsentry installed? If so, have you made any
customizations to portsenty's config?

Tim
Comment 2 Tim Powers 2001-10-11 10:34:49 EDT
I am closing this bug due to inactivity.

Tim

Note You need to log in before you can comment on or make changes to this bug.