
What is portsentry? Is it needed?
Hi, I noticed that a command called portsentry uses about 40-60% of CPU. What is this for? Can I kill it?
10:19am up 15 min, 1 user, load average: 2.06, 2.38, 1.77
153 processes: 148 sleeping, 5 running, 0 zombie, 0 stopped
CPU states: 55.3% user, 36.8% system, 0.0% nice, 7.8% idle
Mem: 510880K av, 162548K used, 348332K free, 468K shrd, 4068K buff
Swap: 131504K av, 0K used, 131504K free 79312K cached
PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND
774 root 14 0 508 508 436 R 38.5 0.0 6:18 portsentry
2007 mysql 14 0 7184 7184 2104 R 20.7 1.4 0:09 mysqld
2446 root 9 0 1104 1100 832 R 8.1 0.2 0:00 top
2326 root 9 0 2036 2036 1704 R 0.0 0.3 0:00 sshd
2441 index 9 0 2868 2868 1176 R 0.0 0.5 0:00 ads.pl
Thanks for your help.
Techark 07-18-2002, 03:25 AM
If you want to be attacked by every hacker under the sun you can disable it.
So, I should not disable it, right?
Monte, thanks for your help.
Monte, one more question. Why is it using so much CPU? Is it normal? It is a PIII, 1 GHz.
Thanks.
StevenG 07-18-2002, 03:51 AM
If you want to be attacked by every hacker under the sun you can disable it.
LOL.. :D
Techark 07-18-2002, 04:09 AM
Originally posted by zoli
Monte, one more question. Why is it using so much CPU? Is it normal? It is a PIII, 1 GHz.
Thanks.
It should pretty much sit in the background unless you are under a system attack then it is busy closing ports and blocking IP addresses.
Gem Hexen 07-18-2002, 04:09 AM
If it is using that much CPU there must be something wrong or else your system is under heavy attack 24/7.
DotComster 07-18-2002, 04:09 AM
portsentry uses about 40-60% of CPU - is that normal?
Originally posted by IT Hosting
If it is using that much CPU there must be something wrong or else your system is under heavy attack 24/7.
How can I check this?
Thanks,
Zoltan
infinite 07-18-2002, 07:06 AM
Originally posted by zoli
How can I check this?
Thanks,
Zoltan
Look in your hosts.deny file, if there are a lot of IP addresses there, then they may have been blocked by portsentry. I guess :). Also try looking in /var/log/messages, anything out of the ordinary may be reported there ;).
HTH,
Infinite :cool:
infinite 07-18-2002, 07:14 AM
I'm not sure if portsentry will block IP addresses by default, you have to look at your /etc/portsentry/portsentry.conf file to check ;)
You might want to look into getting iptables (available with kernel 2.4) set up also :)
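Added example, not part of any poster's reply: a shell sketch of the checks suggested in the two posts above (entries in hosts.deny, portsentry lines in /var/log/messages, and the blocking setting in portsentry.conf). The "ALL: <ip>" entry format, the attackalert log wording and the BLOCK_TCP/BLOCK_UDP keys are assumptions about a default PortSentry setup; the function names, the host name web1 and all sample data are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed formats, constructed samples:
#   hosts.deny entry  "ALL: <ip>"
#   syslog line       "... portsentry[pid]: attackalert: ... from host: <name>/<ip> to TCP port: <n>"

# Number of "ALL: <ipv4>" entries in a hosts.deny-style file.
count_denied() {
    awk '$1 == "ALL:" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n++ }
         END { print n + 0 }' "$1"
}

# "<alerts> <ip>" for each source named in attackalert lines, busiest first.
alerts_by_source() {
    awk '/portsentry\[[0-9]+\]: attackalert:/ && / from host: / {
             split($0, part, " from host: "); split(part[2], f, " ")
             m = split(f[1], h, "/")            # <name>/<ip>
             ip = (m == 2) ? h[2] : h[1]; hits[ip]++
         }
         END { for (ip in hits) print hits[ip], ip }' "$1" | sort -k1,1nr -k2,2
}

# Value of a key such as BLOCK_TCP in a portsentry.conf-style file ("unset" if absent).
block_setting() {
    awk -F'"' -v key="$2" '$1 == key "=" { v = $2 }
         END { print (v == "" ? "unset" : v) }' "$1"
}

# Constructed sample data (documentation addresses) so the script runs offline.
demo=$(mktemp -d)
cat > "$demo/hosts.deny" <<'EOF'
# constructed sample
ALL: 192.0.2.10
ALL: 198.51.100.7
EOF
cat > "$demo/messages" <<'EOF'
Jul 18 10:05:01 web1 portsentry[774]: attackalert: Connect from host: 192.0.2.10/192.0.2.10 to TCP port: 111
Jul 18 10:05:01 web1 portsentry[774]: attackalert: Host 192.0.2.10 has been blocked via wrappers with string: "ALL: 192.0.2.10"
Jul 18 10:05:02 web1 portsentry[774]: attackalert: Connect from host: 192.0.2.10/192.0.2.10 to TCP port: 143
Jul 18 10:07:40 web1 portsentry[774]: attackalert: Connect from host: scan.example/198.51.100.7 to TCP port: 23
Jul 18 10:08:00 web1 sshd[2326]: constructed unrelated line
EOF
printf 'BLOCK_UDP="0"\nBLOCK_TCP="1"\n' > "$demo/portsentry.conf"

echo "denied hosts: $(count_denied "$demo/hosts.deny")"
echo "BLOCK_TCP: $(block_setting "$demo/portsentry.conf" BLOCK_TCP)"
alerts_by_source "$demo/messages"
```

On a real host the same functions would be pointed at /etc/hosts.deny, /var/log/messages and /etc/portsentry/portsentry.conf. A handful of sources with a few alerts each is ordinary background scanning; sustained high CPU with few or no alerts points at a problem with the daemon rather than an attack.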
RutRow 07-18-2002, 09:01 AM
If you have a good firewall or filter in place, packets should not even make it to portsentry. Portsentry is fun to play with, but a good firewall will DENY access to everything, and only allow access to ports that are needed for services to operate correctly.
Originally posted by infinite
Look in your hosts.deny file, if there are a lot of IP addresses there, then they may have been blocked by portsentry. I guess :). Also try looking in /var/log/messages, anything out of the ordinary may be reported there ;).
HTH,
Infinite :cool:
Hi infinite, if I PM you my /var/log/messages, can you take a look to see if it is something strange?
Thanks,
Zoltan
infinite 07-18-2002, 12:05 PM
Originally posted by zoli
Hi infinite, if I PM you my /var/log/messages, can you take a look to see if it is something strange?
Thanks,
Zoltan
Why not :D, PM me all of the file, if small, or just the last part of the file if it's really big ;)
Cheers,
Infinite :stickout