Astaro User Bulletin Board
  #1 (permalink)  
Old 07-06-2009, 07:15 PM
Wizard
 
Join Date: Jul 2008
Posts: 1,408
Default [7.460][BUG]strange port scan mail

Hi Friends !

I am getting strange portscan mail from my client

A portscan was detected. Details about the event:

Time.............: 2009:07:02-21:33:43
Source IP address: 192.168.2.254
- Where are my results?
- Query the RIPE Database
- ARIN: WHOIS Database Search
- APNIC - Query the APNIC Whois Database
shri_beta_test
--
System Uptime : 0 days 7 hours 52 minutes
System Load : 0.72
- Show quoted text -
A portscan was detected. Details about the event:

Time.............: 2009:07:02-21:42:55

Source IP address: 192.168.2.254
- Where are my results?
- Query the RIPE Database
- ARIN: WHOIS Database Search
- APNIC - Query the APNIC Whois Database
shri_beta_test
--
System Uptime : 0 days 0 hours 4 minutes
System Load : 4.16
- Show quoted text -

A portscan was detected. Details about the event:

Time.............: 2009:07:02-21:33:50

Source IP address: 192.168.2.254
- Where are my results?
- Query the RIPE Database
- ARIN: WHOIS Database Search
- APNIC - Query the APNIC Whois Database
shri_beta_test
--
System Uptime : 0 days 7 hours 52 minutes
- Show quoted text -


And in my inbox there are 61 of them (Gmail shows that).

How do I diagnose this, and what kind of reports will you need to understand and examine it?

Thanks
  #2 (permalink)  
Old 07-06-2009, 07:16 PM
 
Join Date: Jun 2009
Posts: 0
Default

Code:
Astaro Beta Report
--------------------------------
Version: 7.460
Type: QUESTION
State: ANSWERED
Reporter: utm_kid
Contributor: 
MantisID: 
--------------------------------

Last edited by andyk007; 07-07-2009 at 08:34 AM.
  #3 (permalink)  
Old 07-06-2009, 07:19 PM
Gert Hansen's Avatar
Wizard
 
Join Date: Nov 2000
Location: Karlsruhe, Germany
Posts: 1,238
Default

Is this IP address in use in your network?

Is this IP using FTP? This is a known false positive if you download many small files, as each file will open a new connection with an increasing port number, just as a portscan would look.

regards
Gert
  #4 (permalink)  
Old 07-06-2009, 07:53 PM
Wizard
 
Join Date: Jul 2008
Posts: 1,408
Default

Quote:
Originally Posted by Gert Hansen View Post
Is this IP address in use in your network?

Is this IP using FTP? This is a known false positive if you download many small files, as each file will open a new connection with an increasing port number, just as a portscan would look.

regards
Gert

Hello Sir,

No, this is not an IP on my network. I have now switched on another ASG system which had no DHCP server; I just started it, and now I had 192.168.2.254.

No, this is not an FTP server; I have an FTP client on the system (browser and standalone).

But why 7 hours 52 minutes every time? Each mail has that time.
I never keep my system on for so long.
I shut my system down at night from around 12/1 am till 7 am.

I will diagnose more and get back to you. Please tell me more about how I can get more details, and from which log file?

Thanks

Last edited by utm_kid; 07-09-2009 at 03:53 PM.
  #5 (permalink)  
Old 07-07-2009, 08:33 AM
Wizard
 
Join Date: Dec 2006
Posts: 653
Default

hi,

We have a reported support ticket with the same description, but this is not a bug. By default the weight threshold of the portscan detection is set to 21. This value is OK for most installations, but in some cases we have to set this value to a higher level to avoid such notifications. To do that, you have to do the following at the command line:

cc
psd
weight_threshold
=40

To close cc you have to enter strg + c.

Greetings
Andreas
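
Added example (not from the thread or from Astaro's code): a simplified Python model of weight-based portscan detection, showing why a burst of small FTP transfers trips a threshold of 21 but not 40, while a sweep over many ports trips both. The per-port weights (3 below port 1024, 1 otherwise) and the 3-second delay window are assumptions taken from the defaults of the iptables psd match; the thread itself only gives the threshold values.

```python
# Simplified model of weight-based portscan detection (added example).
# Assumed, not stated in the thread: the 3/1 port weights and the 3 s window.
LO_WEIGHT = 3      # weight of a new destination port below 1024
HI_WEIGHT = 1      # weight of a new destination port >= 1024
DELAY_MS = 3000    # a source's score is dropped after this much silence


def first_alert(events, threshold):
    """Return (time_ms, source) of the first alert, or None.

    events: time-ordered iterable of (time_ms, source_ip, dest_port).
    Each *new* destination port from a source adds weight to that
    source's score; the alert fires when the score reaches threshold.
    """
    state = {}  # source -> [last_seen_ms, set_of_ports, weight]
    for t, src, port in events:
        entry = state.setdefault(src, [t, set(), 0])
        if t - entry[0] > DELAY_MS:
            # Source was quiet for too long: start counting from zero.
            entry[1], entry[2] = set(), 0
        entry[0] = t
        if port not in entry[1]:
            entry[1].add(port)
            entry[2] += LO_WEIGHT if port < 1024 else HI_WEIGHT
        if entry[2] >= threshold:
            return (t, src)
    return None


# Constructed sample: 30 small files, one data connection each, to
# consecutive high ports, 200 ms apart (the FTP pattern from the thread).
ftp_burst = [(i * 200, "192.168.2.254", 50000 + i) for i in range(30)]

# Constructed sample: the same 30 transfers spaced 5 s apart.
slow_ftp = [(i * 5000, "192.168.2.254", 50000 + i) for i in range(30)]

# Constructed sample: one source touching ports 1..60, 50 ms apart.
sweep = [(i * 50, "10.0.0.9", 1 + i) for i in range(60)]

if __name__ == "__main__":
    for name, ev in (("ftp_burst", ftp_burst), ("slow_ftp", slow_ftp),
                     ("sweep", sweep)):
        for thr in (21, 40):
            print(f"{name:9} threshold={thr}: {first_alert(ev, thr)}")
```

In this model the higher threshold removes the FTP alert but also delays detection of the sweep from the 7th to the 14th port, which is the trade-off behind raising the value.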
  #6 (permalink)  
Old 07-07-2009, 08:39 AM
Wizard
 
Join Date: Jul 2008
Posts: 1,408
Default

Quote:
Originally Posted by andyk007 View Post
hi,

We have a reported support ticket with the same description, but this is not a bug. By default the weight threshold of the portscan detection is set to 21. This value is OK for most installations, but in some cases we have to set this value to a higher level to avoid such notifications. To do that, you have to do the following at the command line:

cc
psd
weight_threshold
=40

To close cc you have to enter strg + c.

Greetings
Andreas

Hi Andreas,
Can you please explain strg+c?
How do I save/come out from the option below?
127.0.0.1 MAIN psd/weight_threshold (INTEGER:1-65535) > =40
result: 1
40
127.0.0.1 MAIN psd/weight_threshold (INTEGER:1-65535) >


Thanks
  #7 (permalink)  
Old 07-07-2009, 08:50 AM
Moderator
 
Join Date: May 2001
Location: Karlsruhe, Germany
Posts: 925
Default

On German keyboards, the "Control" (CTRL) key is named "Steuerung" (STRG). Just press CTRL-C to exit; the changes are already applied since the set option returned without error.

Cheers,
andreas
__________________
GPG Key Fingerprint: FB30 CD95 55BF AC02 44A2 D4BC D7BB 9CAB 3725 FA7F
  #8 (permalink)  
Old 07-07-2009, 08:53 AM
Wizard
 
Join Date: Jul 2008
Posts: 1,408
Default

Quote:
Originally Posted by andreas View Post
On German keyboards, the "Control" (CTRL) key is named "Steuerung" (STRG). Just press CTRL-C to exit; the changes are already applied since the set option returned without error.

Cheers,
andreas

Ok!

Andreas, I will try to learn German (do I really need to?)


haha
i will do that

Thanks
 


All times are GMT. The time now is 03:45 PM.

 
