r362880 GENERIC amd64

PortSentry - Port Scan Detector.
Copyright 1997-2003 Craig H. Rowland <craigrowland at users dot sourceforget dot net>
Licensing restrictions apply. Please see documentation
Version: 1.2

TCP_PORTS="*,311-79134"
UDP_PORTS="*,311-79134"

I ask you to fix and add the program. One IP wants to go to several ports. Obviously a virus.

17/Nov/2020:14:00:11 185.61.87.246 0.0.0.0 3375
17/Nov/2020:14:00:11 185.61.87.246 0.0.0.0 3372
17/Nov/2020:14:00:11 185.61.87.246 0.0.0.0 3375
17/Nov/2020:14:00:11 185.61.87.246 0.0.0.0 3376
17/Nov/2020:14:00:11 185.61.87.246 0.0.0.0 3376
17/Nov/2020:14:00:11 185.61.87.246 0.0.0.0 3368
17/Nov/2020:14:00:11 185.61.87.246 0.0.0.0 3377
17/Nov/2020:14:00:11 185.61.87.246 0.0.0.0 3369
17/Nov/2020:14:00:11 185.61.87.246 0.0.0.0 3372
17/Nov/2020:14:00:11 185.61.87.246 0.0.0.0 3375
17/Nov/2020:14:00:11 185.61.87.246 0.0.0.0 3388
17/Nov/2020:14:00:11 185.61.87.246 0.0.0.0 3369
17/Nov/2020:14:00:11 185.61.87.246 0.0.0.0 3368
17/Nov/2020:14:00:11 185.61.87.246 0.0.0.0 3388
17/Nov/2020:14:00:11 185.61.87.246 0.0.0.0 3372
17/Nov/2020:14:00:11 185.61.87.246 0.0.0.0 3378
17/Nov/2020:14:00:11 185.61.87.246 0.0.0.0 3369
17/Nov/2020:14:00:11 185.61.87.246 0.0.0.0 3368
17/Nov/2020:14:00:11 185.61.87.246 0.0.0.0 3377
17/Nov/2020:14:00:11 185.61.87.246 0.0.0.0 3378
17/Nov/2020:14:00:13 185.61.87.246 0.0.0.0 3388
17/Nov/2020:14:00:13 185.61.87.246 0.0.0.0 3376
17/Nov/2020:14:00:13 185.61.87.246 0.0.0.0 3377
17/Nov/2020:14:00:13 185.61.87.246 0.0.0.0 3378
^Triage: fix Summary. To submitter: I can't tell what you are asking us to do. The program is already in the Ports Collection, and is the latest version that was released. It seems to be doing exactly what it says that it does.
(In reply to Aleks from comment #0)

Aleks, you'll need to check the action that you require portsentry to perform. Clearly there is a time delay of greater than 2 seconds for that offending IP address to be dealt with. Perhaps the placement of the associated firewall rule is wrong? (Though if you require portsentry to adjust your tcp wrapper or routing, then you may need to check those.)

PS I've used portsentry for a few years, until I did extensive testing with both udp and tcp. Unfortunately, in my arrangement it didn't perform as expected and we removed it from our security suite (sadly, as it appeared to be a simple solution to a specific problem).
I have been using it for a long time too. What should I do in this situation? One IP, a bunch of ports.
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3376
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3376
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3375
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3375
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3368
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3377
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3388
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3372
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3369
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3369
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3398
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3398
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3377
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3368
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3388
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3392
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3388
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3369
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3392
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3368
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3378
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3376
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3375
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3377
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3392
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3372
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3372
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3378
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3378
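The delay noted in the reply to comment #0 can be read off the pasted logs mechanically. The script below is an added example, not code from PortSentry or from anyone in this thread. It summarises, per source, the hits, the distinct ports and the seconds between first and last entry, so a non-zero span shows the source was still being logged after its first probe. The field order (timestamp, source, destination, port) is inferred from the pastes, and the function names and the `min_ports` threshold are assumptions.

```python
import re
from datetime import datetime

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

# \W+ between fields accepts both layouts pasted in the thread:
# plain spaces and the "<->" / ">" tab markers.
LINE = re.compile(
    r"^(\d{2})/(\w{3})/(\d{4}):(\d{2}):(\d{2}):(\d{2})\W+"
    r"(\d{1,3}(?:\.\d{1,3}){3})\W+(\d{1,3}(?:\.\d{1,3}){3})\W+(\d{1,5})\s*$")

# A few lines copied from the two pastes above, plus one non-log line.
SAMPLE = """\
PortSentry - Port Scan Detector.
17/Nov/2020:14:00:11 185.61.87.246 0.0.0.0 3375
17/Nov/2020:14:00:11 185.61.87.246 0.0.0.0 3372
17/Nov/2020:14:00:11 185.61.87.246 0.0.0.0 3375
17/Nov/2020:14:00:11 185.61.87.246 0.0.0.0 3376
17/Nov/2020:14:00:13 185.61.87.246 0.0.0.0 3388
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3376
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3398
"""

def summarize(text):
    """Return {source_ip: {"hits", "ports", "span_s"}} for parsable lines."""
    seen = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(2) not in MONTHS:
            continue  # skip banners, blank lines, anything malformed
        d, mon, y, hh, mm, ss = m.group(1, 2, 3, 4, 5, 6)
        ts = datetime(int(y), MONTHS[mon], int(d), int(hh), int(mm), int(ss))
        e = seen.setdefault(m.group(7),
                            {"hits": 0, "ports": set(), "first": ts, "last": ts})
        e["hits"] += 1
        e["ports"].add(int(m.group(9)))
        e["first"], e["last"] = min(e["first"], ts), max(e["last"], ts)
    return {ip: {"hits": e["hits"], "ports": sorted(e["ports"]),
                 "span_s": int((e["last"] - e["first"]).total_seconds())}
            for ip, e in seen.items()}

def scanners(text, min_ports=3):
    """Sources that touched at least min_ports distinct ports (assumed threshold)."""
    return sorted(ip for ip, s in summarize(text).items()
                  if len(s["ports"]) >= min_ports)

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE).items():
        print(ip, s["hits"], "hits,", len(s["ports"]), "ports, span", s["span_s"], "s")
```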
Port has been removed from tree.
Port has been removed from tree. ???????????????????????????????? return or forward next !
PLEASE DO NOT CROSSPOST THE SAME THINGS MULTIPLE TIMES. The port was marked for deprecation and expiration, so the port has been removed. The upstream last released this in 2003, and after that there has been no specific activity. We try to keep away from such abandonware.