Bug 251215 - security/portsentry: needs attention
Summary: security/portsentry: needs attention
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Glen Barber
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-11-17 13:25 UTC by Aleks
Modified: 2020-11-18 14:40 UTC (History)
2 users (show)

See Also:
linimon: maintainer-feedback? (gjb)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Aleks 2020-11-17 13:25:48 UTC
r362880 GENERIC  amd64


PortSentry - Port Scan Detector.
Copyright 1997-2003 Craig H. Rowland <craigrowland at users dot sourceforget dot net>
Licensing restrictions apply. Please see documentation
Version: 1.2

TCP_PORTS="*,311-79134"
UDP_PORTS="*,311-79134"


I ask you to fix and add the program. One IP wants to go to several ports. Obviously a virus.


17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3375  
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3372  
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3375  
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3376    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3376    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3368    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3377   
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3369    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3372    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3375    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3388    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3369    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3368  
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3388    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3372    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3378    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3369    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3368    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3377    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3378    
17/Nov/2020:14:00:13    185.61.87.246   0.0.0.0 3388    
17/Nov/2020:14:00:13    185.61.87.246   0.0.0.0 3376   
17/Nov/2020:14:00:13    185.61.87.246   0.0.0.0 3377    
17/Nov/2020:14:00:13    185.61.87.246   0.0.0.0 3378
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2020-11-17 17:56:46 UTC
^Triage: fix Summary.

To submitter: I can't tell what you are asking us to do.

The program is already in the Ports Collection, and is the latest version that was released.  It seems to be doing exactly what it says that it does.
Comment 2 dewayne 2020-11-17 18:17:32 UTC
(In reply to Aleks from comment #0)
Aleks, you'll need to check the action that you require portsentry to perform. Clearly there is a time delay of greater than 2 seconds for that offending IP address to be dealt with.  Perhaps the placement of the associated firewall rule is wrong? (Though if you require portsentry to adjust your tcp wrapper, or routing; then you may need to check those).

PS I've used portsentry for a few years, until I did extensive testing with both udp and tcp. Unfortunately in my arrangement, it didn't perform as expected and we removed from our security suite (sadly, as it appeared as a simple solution to a specific problem).
Comment 3 Aleks 2020-11-18 12:21:48 UTC
I have been using it for a long time too. How to be in this situation? One ir a bunch of ports.
Comment 4 Aleks 2020-11-18 14:40:28 UTC
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3376
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3376
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3375
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3375
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3368
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3377
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3388
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3372
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3369
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3369
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3398
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3398
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3377
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3368
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3388
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3392
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3388
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3369
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3392
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3368
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3378
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3376
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3375
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3377
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3392
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3372
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3372
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3378
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3378