251215 – security/portsentry: needs attention

Bug 251215 - security/portsentry: needs attention

Summary: security/portsentry: needs attention

Status:	Closed Overcome By Events

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Glen Barber

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-11-17 13:25 UTC by Aleks
Modified:	2023-04-01 17:02 UTC (History)
CC List:	4 users (show)

See Also:

Flags:	linimon: maintainer-feedback? (gjb)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Aleks 2020-11-17 13:25:48 UTC

r362880 GENERIC  amd64


PortSentry - Port Scan Detector.
Copyright 1997-2003 Craig H. Rowland <craigrowland at users dot sourceforget dot net>
Licensing restrictions apply. Please see documentation
Version: 1.2

TCP_PORTS="*,311-79134"
UDP_PORTS="*,311-79134"


I ask you to fix and add the program. One IP wants to go to several ports. Obviously a virus.


17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3375  
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3372  
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3375  
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3376    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3376    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3368    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3377   
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3369    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3372    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3375    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3388    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3369    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3368  
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3388    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3372    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3378    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3369    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3368    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3377    
17/Nov/2020:14:00:11    185.61.87.246   0.0.0.0 3378    
17/Nov/2020:14:00:13    185.61.87.246   0.0.0.0 3388    
17/Nov/2020:14:00:13    185.61.87.246   0.0.0.0 3376   
17/Nov/2020:14:00:13    185.61.87.246   0.0.0.0 3377    
17/Nov/2020:14:00:13    185.61.87.246   0.0.0.0 3378

Comment 1 Mark Linimon freebsd_committer

2020-11-17 17:56:46 UTC

^Triage: fix Summary.

To submitter: I can't tell what you are asking us to do.

The program is already in the Ports Collection, and is the latest version that was released.  It seems to be doing exactly what it says that it does.

Comment 2 dewayne 2020-11-17 18:17:32 UTC

(In reply to Aleks from comment #0)
Aleks, you'll need to check the action that you require portsentry to perform. Clearly there is a time delay of greater than 2 seconds for that offending IP address to be dealt with.  Perhaps the placement of the associated firewall rule is wrong? (Though if you require portsentry to adjust your tcp wrapper, or routing; then you may need to check those).

PS I've used portsentry for a few years, until I did extensive testing with both udp and tcp. Unfortunately in my arrangement, it didn't perform as expected and we removed from our security suite (sadly, as it appeared as a simple solution to a specific problem).

Comment 3 Aleks 2020-11-18 12:21:48 UTC

I have been using it for a long time too. How to be in this situation? One ir a bunch of ports.

Comment 4 Aleks 2020-11-18 14:40:28 UTC

18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3376
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3376
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3375
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3375
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3368
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3377
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3388
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3372
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3369
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3369
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3398
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3398
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3377
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3368
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3388
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3392
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3388
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3369
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3392
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3368
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3378
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3376
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3375
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3377
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3392
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3372
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3372
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3378
18/Nov/2020:16:36:05 <->185.7.235.186<->0.0.0.0>3378

Comment 5 Muhammad Moinur Rahman freebsd_committer

2023-03-31 00:07:01 UTC

Port has been removed from tree.

Comment 6 Aleks 2023-03-31 07:39:33 UTC

Port has been removed from tree.
????????????????????????????????


return or forward next !

Comment 7 Muhammad Moinur Rahman freebsd_committer

2023-03-31 11:42:23 UTC

PLEASE DO NOT CROSSPOST SAME THINGS MULTIPLE TIMES.

The port was marked for deprecation and expiration so the port has been removed. The upstream has last released this in 2003. And after that there has been no specific activity. We try to keep away off these abandonware.