portsentry and scanning

From: jeen (jeen_at_elco.com.ua)
Date: 05/21/03


To: <security-discuss@linuxsecurity.com>
Date: Wed, 21 May 2003 14:06:18 +0300

Dear security-discuss members! I'm sorry for my bad English, but I'm sure you will understand my question. Somebody recently scanned my server:

May 21 11:38:54 elco kernel: Packet log: input REJECT eth1 PROTO=6 X.X.X.X:3223 my.server:1 L=48 S=0x00 I=8496 F=0x0000 T=83 SYN (#10)
May 21 11:38:54 elco kernel: Packet log: input REJECT eth1 PROTO=6 X.X.X.X:3224 my.server:2 L=48 S=0x00 I=8498 F=0x0000 T=83 SYN (#10)
May 21 11:38:54 elco kernel: Packet log: input REJECT eth1 PROTO=6 X.X.X.X:3225 my.server:3 L=48 S=0x00 I=8500 F=0x0000 T=83 SYN (#10)
May 21 11:38:54 elco kernel: Packet log: input REJECT eth1 PROTO=6 X.X.X.X:3226 my.server:4 L=48 S=0x00 I=8502 F=0x0000 T=83 SYN (#10)

up to 1000 ports,
and my portsentry 1.1 didn't detect it as "ACTIVE SYSTEM ATTACK". What's wrong with it? I configured portsentry and ran it in Advanced Stealth Scan Detection mode:

# /usr/local/psionic/portsentry -atcp
# /usr/local/psionic/portsentry -audp
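
An added example, not part of the original post and not portsentry's own logic: a detector that reads kernel "Packet log" lines in the format quoted above and flags any source that sent TCP SYNs to many distinct ports within a short window. The sample log is constructed (192.0.2.x and 198.51.100.x are documentation addresses), and the threshold, window and year default are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the "Packet log" format quoted in the post: one source
# walking ports 1..40, plus one unrelated single probe from another source.
SAMPLE_LOG = "\n".join(
    [f"May 21 11:38:54 elco kernel: Packet log: input REJECT eth1 PROTO=6 "
     f"192.0.2.10:{3222 + p} 198.51.100.5:{p} L=48 S=0x00 I={8494 + 2 * p} "
     f"F=0x0000 T=83 SYN (#10)" for p in range(1, 41)]
    + ["May 21 11:40:02 elco kernel: Packet log: input REJECT eth1 PROTO=6 "
       "192.0.2.77:4001 198.51.100.5:23 L=48 S=0x00 I=100 F=0x0000 T=60 SYN (#10)"]
)

# timestamp, host, chain, action, interface, PROTO, src:port, dst:port, remainder
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\skernel: Packet log: \S+\s\S+\s\S+\s"
    r"PROTO=(?P<proto>\d+)\s(?P<src>[^\s:]+):\d+\s[^\s:]+:(?P<dport>\d+)\s"
    r"(?P<rest>.*)$"
)

def find_scans(log_text, min_ports=20, window=timedelta(seconds=60), year=2003):
    """Return {src: sorted destination ports seen} for every source that sent
    TCP SYNs to at least min_ports distinct ports inside one sliding window."""
    hits = defaultdict(list)  # src -> [(time, dport)]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        # PROTO=6 is TCP; require the SYN flag token logged after the T= field.
        if not m or m["proto"] != "6" or "SYN" not in m["rest"].split():
            continue
        # Syslog timestamps carry no year, so one is supplied (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits[m["src"]].append((ts, int(m["dport"])))
    scans = {}
    for src, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({p for _, p in events[start:end + 1]}) >= min_ports:
                scans[src] = sorted({p for _, p in events})
                break
    return scans

if __name__ == "__main__":
    for src, ports in find_scans(SAMPLE_LOG).items():
        print(f"{src}: {len(ports)} ports probed ({ports[0]}-{ports[-1]})")
```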
