Portsentry질문드립니다.
작성자 정보
- 서버매니아 작성
- 작성일
컨텐츠 정보
- 2,945 조회
- 0 추천
- 목록
본문
서버를 개인사정으로 인해 재부팅시켰습니다.
아무런 문제가 없었는데 재부팅하자마자 Portsentry가 접속하는 모든 사람을 Hosts.deny에 등록시켜버리는 문제가 발생했었습니다.
TCP_PORTS="21,22,80,443,3306,"UDP_PORTS="21,22,80,443,3306"
이렇게 conf파일상에 정상적으로 등록됬음에도 불구하고
Jan 23 12:06:30 buy-0067 portsentry[3125]: attackalert: Host: 58.75.240.130/58.75.240.130 is already blocked Ignoring
Jan 23 12:06:35 buy-0067 portsentry[3125]: attackalert: TCP SYN/Normal scan from host: 58.75.240.130/58.75.240.13
0 to TCP port: 80
Jan 23 12:06:35 buy-0067 portsentry[3125]: attackalert: Host: 58.75.240.130/58.75.240.130 is already blocked Igno
ring
Jan 23 12:11:54 buy-0067 portsentry[3127]: attackalert: UDP scan from host: 116.120.57.209/116.120.57.209 to UDP
port: 514
Jan 23 12:11:54 buy-0067 portsentry[3127]: attackalert: Host 116.120.57.209 has been blocked via wrappers with st
ring: "ALL: 116.120.57.209"
Jan 23 12:11:54 buy-0067 portsentry[3127]: attackalert: Host 116.120.57.209 has been blocked via dropped route us
ing command: "/sbin/iptables -I INPUT -s 116.120.57.209 -j DROP"
Jan 23 11:50:39 buy-0067 portsentry[3125]: attackalert: Host 61.74.147.97 has been blocked via wrappers with stri
ng: "ALL: 61.74.147.97"
Jan 23 11:50:39 buy-0067 portsentry[3125]: attackalert: Host 61.74.147.97 has been blocked via dropped route usin
g command: "/sbin/iptables -I INPUT -s 61.74.147.97 -j DROP"
Jan 23 11:50:44 buy-0067 portsentry[3125]: attackalert: TCP SYN/Normal scan from host: 61.74.147.97/61.74.147.97
to TCP port: 80
Jan 23 11:40:34 buy-0067 portsentry[3125]: attackalert: Host 147.43.72.71 has been blocked via wrappers with stri
ng: "ALL: 147.43.72.71"
Jan 23 11:40:34 buy-0067 portsentry[3125]: attackalert: Host 147.43.72.71 has been blocked via dropped route usin
g command: "/sbin/iptables -I INPUT -s 147.43.72.71 -j DROP"
Jan 23 11:40:39 buy-0067 portsentry[3125]: attackalert: TCP SYN/Normal scan from host: 147.43.72.71/147.43.72.71
to TCP port: 80
Jan 23 11:40:39 buy-0067 portsentry[3125]: attackalert: Host: 147.43.72.71/147.43.72.71 is already blocked Ignori
ng
이런문제를 뿜어대네요. 무엇이 문제인지 궁금합니다.
관련자료
-
이전
-
다음
