Bug 43357 - portsentry works properly under 7.0 and has a race condition under 7.1
Summary: portsentry works properly under 7.0 and has a race condition under 7.1
Status: CLOSED WORKSFORME
Alias: None
Product: Red Hat Powertools
Classification: Retired
Component: portsentry   
(Show other bugs)
Version: 7.1
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Tim Powers
QA Contact:
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-06-03 19:52 UTC by Need Real Name
Modified: 2008-05-01 15:38 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-06-04 13:31:43 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Need Real Name 2001-06-03 19:52:06 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)

Description of problem:
On startup, portsentry thinks it encounters a stealth port scan from an 
unknown source against port 80, and logs about 300,000 of these per 
minute, even if the machine isn't connected to a network. Here's the tail 
of the log file:

Jun  3 14:05:59 unix5 last message repeated 74206 times
Jun  3 14:05:59 unix5 login(pam_unix)[653]: session opened for user root 
by LOGIN(uid=0)
Jun  3 14:05:59 unix5 portsentry[626]: attackalert: Possible stealth scan 
from unknown host to TCP port: 80 (accept failed)
Jun  3 14:05:59 unix5 last message repeated 11 times
Jun  3 14:05:59 unix5  -- root[653]: ROOT LOGIN ON tty1
Jun  3 14:05:59 unix5 portsentry[626]: attackalert: Possible stealth scan 
from unknown host to TCP port: 80 (accept failed)
Jun  3 14:06:23 unix5 last message repeated 140710 times
Jun  3 14:06:23 unix5 portsentry[630]: attackalert: Connect from host: 
cgbntpc.sunserver.com/208.42.108.24 to UDP port: 138
Jun  3 14:06:23 unix5 portsentry[626]: attackalert: Possible stealth scan 
from unknown host to TCP port: 80 (accept failed)
Jun  3 14:06:54 unix5 last message repeated 186375 times


How reproducible:
Always

Steps to Reproduce:
1.Install the RPM for portsentry
2. Reboot
3.
	

Additional info:

Comment 1 Tim Powers 2001-06-04 13:31:39 UTC
I can't reproduce this using portsentry-1.0-11 from Powertools 7.1. Do you have
this version/release of portsentry installed? If so, have you made any
customizations to portsenty's config?

Tim

Comment 2 Tim Powers 2001-10-11 14:34:49 UTC
I am closing this bug due to inactivity.

Tim


Note You need to log in before you can comment on or make changes to this bug.