snmp logged to portsentry from windows workstation

From: LHradowy (laura.hradowy@NOSPAM.mts.ca)
Date: 04/15/03

    From: "LHradowy" <laura.hradowy@NOSPAM.mts.ca>
    Date: Tue, 15 Apr 2003 12:27:07 -0500
    
    

    I have set up a domain of Windows workstations. I am now getting a message
    in my logchecker on RH 7.3 from portsentry...

    Apr 15 11:05:57 opsftp portsentry[7500]: attackalert: UDP scan from host:
    tnm.ops.xxx.xx/192.168.2.2 to UDP port: 161

    I do have the HP JetDirect client installed on the workstations. I do not
    have SNMP activated on my Linux box that is being used as an FTP server. As
    well, it is not installed on the workstations.

    I am also having a heck of a time creating the portsentry.ignore or
    portsentry.ignore.violations files. It seems it will ignore some entries I
    put in but others it will not. I have tried many different ways, and with *
    (wildcards). Any ideas...

    Like the entry above, I put it in both files like

    *UDP scan from host: tnm.ops.xxx.xx/192.168.2.2 to UDP port: 161

    or ...

    *tnm*

    or...

    UDP port: 161

    Nothing seems to work! I am getting really tired of the messages every hour
    of the same thing!

