Results 1 to 2 of 2
  1. #1
    Join Date
    Aug 2002
    Location
    online - s'where between home & datacenter
    Posts
    163

    * Active System Attack Alerts

    Hi,

    If on a Linux 7.3, CPanel Dedicated server portsentry sense attackalert and blocks a host, is it considered safe? what other measures should be taken?

    what its showing is:
    Sep 17 05:16:15 mercury portsentry[2533]: attackalert: TCP SYN/Normal scan
    from host: apollo.propagation.net/63.249.128.50 to TCP port: 513
    Sep 17 05:16:15 mercury portsentry[2533]: attackalert: Host: apollo.propagation.net/63.249.128.50
    is already blocked Ignoring

    (2) Can anyone tell why this error is coming?
    Security Violations
    =-=-=-=-=-=-=-=-=-=
    Sep 17 06:15:50 mercury named[26231]: client 203.144.72.82#65244: updating
    zone 'anydomain.com/IN': update failed: 'RRset exists (value dependent)'
    prerequisite not satisfied (NXRRSET)
    Sep 17 06:15:53 mercury named[26231]: client 203.144.72.82#65253: update
    'anydomain.com/IN' denied

    Thanks

  2. #2
    Join Date
    Jul 2001
    Location
    Troy, Missouri USA
    Posts
    1,299
    Don't worry all is well!

    This is a common occurrence and it is just PortSentry doing itís job. Some script kiddie is bored.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •