Posted by: isaraffee | August 10, 2009

Configuring PortSentry

Installing PortSentry

Check whether PortSentry is installed:

# rpm -qa | grep sentry
The package was not installed.

Install the package

# cd /mnt/cdrom/Mandrake/RPMS2/ 

# rpm -ivh portsentry-1.0-8mdk.i586.rpm

Verifying the installation 

# whereis portsentry
portsentry: /usr/sbin/portsentry /etc/portsentry

# rpm -qa | grep portsentry
portsentry-1.0-8mdk

Get some information about the portsentry package:

# rpm -qi portsentry-1.0-8mdk
Name : portsentry Relocations: (not relocateable)
Version : 1.0 Vendor: MandrakeSoft
Release : 8mdk Build Date: Fri 30 Mar 2001 01:32:17 PM SGT
Install date: Wed 01 Jan 1997 12:11:47 AM SGT Build Host: bi.mandrakesoft.com
Group : System/Servers Source RPM: portsentry-1.0-8mdk.src.rpm
Size : 103004 License: see LICENSE
Packager : Linux-Mandrake Team <bugs@linux-mandrake.com>
URL : http://www.psionic.com
Summary : Psionic PortSentry
Description :
PortSentry is part of the Abacus Project suite of tools. The Abacus
Project is an initiative to release low-maintenance, generic, and reliable
host based intrusion detection software to the Internet community. More
information can be obtained from http://www.psionic.com. PortSentry
monitors TCP and UDP ports for illegal entry and port scans.

Configuration files of PortSentry

# cd /etc
[root@venus /etc]# more /etc/portsentry

*** /etc/portsentry: directory ***

The PortSentry start-up script is:
# cd /etc/init.d
[root@venus init.d]# ll portsentry
-rwx------ 1 root root 2124 Mar 30 2001 portsentry

The PortSentry script starts automatically when you boot into run levels 3, 4 or 5 (levels 3 and 5 are commonly used):

# chkconfig --list | grep portsentry
portsentry 0:off 1:off 2:off 3:on 4:on 5:on 6:off

I checked that no portsentry daemon is running

# ps -ef | grep portsentry | grep -v grep
[root@venus init.d]#

You can also type:

# /etc/init.d/portsentry
Usage: portsentry {start|stop|restart|reload|condrestart|status}
[root@venus init.d]# ./portsentry status
portsentry is stopped

This shows that the portsentry service is not running.

Exploring the /var/portsentry directory

# more /var/portsentry/

*** /var/portsentry/: directory ***

This directory is empty

Exploring the /etc/portsentry directory

# cd /etc
# ll portsentry/
total 24
-rw-r--r-- 1 root root 70 Mar 30 2001 always_ignore
-rw------- 1 root root 10360 Mar 30 2001 portsentry.conf
-rw------- 1 root root 236 Mar 30 2001 portsentry.ignore
-rw-r--r-- 1 root root 174 Mar 30 2001 portsentry.modes

Exploring each of the files.

# more always_ignore
# Include the host IP addresses you want portsentry to always ignore

[root@venus portsentry]# more portsentry.ignore
# Put hosts in here you never want blocked. This includes the IP addresses
# of all local interfaces on the protected host (i.e virtual host, mult-home)
# Keep 127.0.0.1 and 0.0.0.0 to keep people from playing games.

127.0.0.1
0.0.0.0
[root@venus portsentry]# more portsentry.modes
# These are the startup modes for portsentry.
#
# Normal TCP/UDP scanning:
#tcp
#udp
#
# Stealth TCP/UDP scanning:
#stcp
#sudp
#
# Advanced Stealth TCP/UDP scanning:
atcp
audp

To see which settings are active (not commented out) in /etc/portsentry/portsentry.conf:

# more portsentry.conf | grep -v "^#" | more

TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1524,2000,5742,6667,12345,12346,20034,31337,32771,32772,32773,32774,40421,49724,54320"
UDP_PORTS="1,7,9,69,161,162,513,635,640,641,700,32770,32771,32772,32773,32774,31337,54321"

ADVANCED_PORTS_TCP="1023"
ADVANCED_PORTS_UDP="1023"
ADVANCED_EXCLUDE_TCP="113,139"
ADVANCED_EXCLUDE_UDP="520,138,137,67"

IGNORE_FILE="/etc/portsentry/portsentry.ignore"
HISTORY_FILE="/etc/portsentry/portsentry.history"
BLOCKED_FILE="/etc/portsentry/portsentry.blocked"

BLOCK_UDP="1"
BLOCK_TCP="1"

Testing PortSentry

Type the following nmap commands to see which ports are open on the local system:

# nmap -sS -O 127.0.0.1
Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ )
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1507 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
111/tcp open sunrpc
443/tcp open https
603/tcp open unknown
631/tcp open unknown
901/tcp open samba-swat
1024/tcp open kdm
1025/tcp open listen
1026/tcp open nterm
3306/tcp open mysql
6000/tcp open X11

TCP Sequence Prediction: positive increments
Difficulty=1499352 (Good luck!)
No OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
TSeq(Class=RI%gcd=1%SI=16DBEB)
TSeq(Class=RI%gcd=3%SI=7A0B6)
TSeq(Class=RI%gcd=1%SI=16E0D8)
T1(Resp=Y%DF=Y%W=7FFF%ACK=S++%Flags=AS%Ops=MNNTNW)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=7FFF%ACK=S++%Flags=AS%Ops=MNNTNW)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=Y%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)

Nmap run completed -- 1 IP address (1 host up) scanned in 8 seconds

Start the portsentry service and verify it

# cd /etc/init.d/
[root@venus init.d]# ./portsentry start
Starting portsentry -atcp: [ OK ]
Starting portsentry -audp: [ OK ]

[root@venus init.d]# ps -ef|grep portsentry
root 2146 1 0 12:21 ? 00:00:00 /usr/sbin/portsentry -atcp
root 2157 1 0 12:21 ? 00:00:00 /usr/sbin/portsentry -audp
root 2165 1851 0 12:21 pts/1 00:00:00 grep portsentry

Look at the /var/log/messages file:

# tail -f /var/log/messages

Mar 26 12:21:16 venus portsentry[2145]: adminalert: Psionic PortSentry 1.0 is starting.
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced mode will monitor first 1023 ports
Mar 26 12:21:16 venus portsentry: Starting portsentry -atcp: succeeded
Mar 26 12:21:16 venus portsentry[2156]: adminalert: Psionic PortSentry 1.0 is starting.
Mar 26 12:21:16 venus portsentry[2157]: adminalert: Advanced mode will monitor first 1023 ports
Mar 26 12:21:16 venus portsentry: Starting portsentry -audp: succeeded
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced mode will manually exclude port: 113
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced mode will manually exclude port: 139
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 21
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 22
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 23
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 25
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 80
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 110
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 111
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 443
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 603
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 631
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 901
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 113
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 139
Mar 26 12:21:16 venus portsentry[2146]: adminalert: PortSentry is now active and listening.
Mar 26 12:21:16 venus portsentry[2157]: adminalert: Advanced mode will manually exclude port: 520
Mar 26 12:21:16 venus portsentry[2157]: adminalert: Advanced mode will manually exclude port: 138
Mar 26 12:21:16 venus portsentry[2157]: adminalert: Advanced mode will manually exclude port: 137
Mar 26 12:21:16 venus portsentry[2157]: adminalert: Advanced mode will manually exclude port: 67
Mar 26 12:21:16 venus portsentry[2157]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP port: 111
Mar 26 12:21:16 venus portsentry[2157]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP port: 177
Mar 26 12:21:16 venus portsentry[2157]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP port: 601
Mar 26 12:21:16 venus portsentry[2157]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP port: 631
Mar 26 12:21:16 venus portsentry[2157]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP port: 763
Mar 26 12:21:16 venus portsentry[2157]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP port: 1011
Mar 26 12:21:16 venus portsentry[2157]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP port: 520
Mar 26 12:21:16 venus portsentry[2157]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP port: 138
Mar 26 12:21:16 venus portsentry[2157]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP port: 137
Mar 26 12:21:16 venus portsentry[2157]: adminalert: Advanced Stealth scan detection mode activated. Ignored UDP port: 67
Mar 26 12:21:16 venus portsentry[2157]: adminalert: PortSentry is now active and listening.
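
A coverage check built from the startup messages above (an added example, not part of the original post or of PortSentry itself): it rebuilds the set of TCP ports the -atcp daemon actually watches and lists which listening services fall outside it. The function names are illustrative, and reading "first 1023 ports" as ports 1 to 1023 inclusive is an assumption.

```python
import re

# Startup lines of the -atcp daemon (PID 2146), copied from the log above.
STARTUP_LOG = """\
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced mode will monitor first 1023 ports
Mar 26 12:21:16 venus portsentry: Starting portsentry -atcp: succeeded
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced mode will manually exclude port: 113
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced mode will manually exclude port: 139
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 21
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 22
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 23
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 25
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 80
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 110
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 111
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 443
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 603
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 631
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 901
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 113
Mar 26 12:21:16 venus portsentry[2146]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP port: 139
Mar 26 12:21:16 venus portsentry[2146]: adminalert: PortSentry is now active and listening.
"""

# Open TCP ports reported by the nmap run against 127.0.0.1 earlier on the page.
NMAP_OPEN_TCP = [21, 22, 23, 25, 80, 110, 111, 443, 603, 631, 901,
                 1024, 1025, 1026, 3306, 6000]

ADMIN_RE = re.compile(r"portsentry\[(\d+)\]: adminalert: (.*)$")
LIMIT_RE = re.compile(r"Advanced mode will monitor first (\d+) ports")
EXCLUDE_RE = re.compile(r"Advanced mode will manually exclude port: (\d+)")
IGNORED_RE = re.compile(r"Ignored (TCP|UDP) port: (\d+)")


def parse_startup(text):
    """Return {pid: state} built from PortSentry adminalert startup lines."""
    daemons = {}
    for line in text.splitlines():
        m = ADMIN_RE.search(line)
        if not m:
            continue  # e.g. the init script's "Starting portsentry" line
        state = daemons.setdefault(int(m.group(1)), {
            "proto": None, "limit": 0, "excluded": set(),
            "ignored": set(), "active": False})
        msg = m.group(2)
        limit = LIMIT_RE.search(msg)
        excluded = EXCLUDE_RE.search(msg)
        ignored = IGNORED_RE.search(msg)
        if limit:
            state["limit"] = int(limit.group(1))
        elif excluded:
            state["excluded"].add(int(excluded.group(1)))
        elif ignored:
            state["proto"] = ignored.group(1)
            state["ignored"].add(int(ignored.group(2)))
        elif "now active and listening" in msg:
            state["active"] = True
    return daemons


def monitored_ports(state):
    """Ports that can raise an attackalert: 1..limit minus ignored/excluded.

    Assumption: "first N ports" means ports 1 through N inclusive.
    """
    in_range = set(range(1, state["limit"] + 1))
    return in_range - state["ignored"] - state["excluded"]


def coverage(state, listening):
    """Compare the watched set with the services listening on the host."""
    watched = monitored_ports(state)
    limit = state["limit"]
    return {
        "watched": len(watched),
        # Excluded in portsentry.conf although nothing is listening there.
        "excluded_not_listening": sorted(state["excluded"] - set(listening)),
        # Real services inside the range: traffic to them is never an alert.
        "listening_unwatched": sorted(p for p in listening
                                      if p <= limit and p not in watched),
        # Services above ADVANCED_PORTS_TCP: outside PortSentry's view.
        "listening_above_range": sorted(p for p in listening if p > limit),
    }


if __name__ == "__main__":
    tcp = parse_startup(STARTUP_LOG)[2146]
    for key, value in coverage(tcp, NMAP_OPEN_TCP).items():
        print(key, value)
```
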

Telnet to the local host and, at the same time, watch /var/log/messages:

# telnet venus.localdomain
Trying 169.254.34.253...
Connected to venus.localdomain.
Escape character is '^]'.
Welcome to venus.localdomain
Linux Mandrake release 8.0 (Traktopel) for i586
Kernel 2.4.3-20mdk on an i686
login: marsita
Password:
YPBINDPROC_DOMAIN: Domain not bound
Last login: Sat Mar 24 10:02:49 from mercury.localdomain
[marsita@venus marsita]$

The entries written to the messages file during the telnet session:

Mar 26 12:24:56 venus login(pam_unix)[2170]: session opened for user marsita by (uid=0)
Mar 26 12:24:56 venus -- marsita[2170]: LOGIN ON pts/3 BY marsita FROM venus

From a remote host, mercury, run the nmap command again as shown below:

# nmap -sS -O 169.254.34.253

(169.254.34.253 is the IP address of venus, the host where PortSentry is configured.)

Look at the /var/log/messages of host venus

I grepped for the string attackalert and piped the output to a file:

# more /var/log/messages | grep attackalert > /root/script/portsentry/attackalert.txt

# more attackalert.txt
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 233
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host 169.254.34.254 has been blocked via wrappers with string: "ALL: 169.254.34.254"
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host 169.254.34.254 has been blocked via dropped route using command: "/sbin/ipchains -I input -s 169.254.34.254 -j DENY -l"
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 896
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 464
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 128
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 758
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 853
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 228
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 664
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 441
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 776
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 886
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 407
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 842
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 895
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 707
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 39
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 2
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 179
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 579
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 1010
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 828
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 5
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 872
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 267
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 446
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 320
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 615
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 835
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 825
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 338
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 936
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 972
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 697
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 340
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 684
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 933
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 416
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 513
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 784
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 557
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 679
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 890
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 894
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 424
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 69
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 525
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 257
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 889
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 788
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 262
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 775
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 974
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 395
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 736
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 689
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 333
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 1003
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 59
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 466
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 352
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 133
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 747
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 971
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 461
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 159
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 428
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 636
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 332
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 855
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 620
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 653
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 38
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 78
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 231
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 76
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
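A long run of attackalert entries like the ones above is easier to review once it is collapsed to one record per source address. The Python script below is an added example, not part of the original post or of PortSentry. It handles only the two message forms shown in this log; the 192.0.2.10 entry and the kernel line in its sample input are constructed.

```python
import re
from collections import OrderedDict

# Syslog prefix as it appears in the log above: "Mar 26 12:32:47 venus portsentry[2146]: attackalert: ..."
PREFIX = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<node>\S+)\s+"
    r"portsentry\[(?P<pid>\d+)\]:\s+attackalert:\s+(?P<msg>.*)$"
)
# "SYN/Normal scan from host: name/ip to TCP port: 757"
SCAN = re.compile(
    r"^(?P<kind>.+?) scan from host: (?P<name>[^/\s]+)/(?P<ip>\S+) "
    r"to (?P<proto>TCP|UDP) port: (?P<port>\d+)$"
)
# "Host: name/ip is already blocked Ignoring"
BLOCKED = re.compile(r"^Host: (?P<name>[^/\s]+)/(?P<ip>\S+) is already blocked")


def parse_line(line):
    """Return a dict for a recognised attackalert line, or None for anything else."""
    m = PREFIX.match(line.strip())
    if not m:
        return None
    msg = m.group("msg")
    s = SCAN.match(msg)
    if s:
        return {"type": "scan", "ts": m.group("ts"), "name": s.group("name"),
                "ip": s.group("ip"), "kind": s.group("kind"),
                "proto": s.group("proto"), "port": int(s.group("port"))}
    b = BLOCKED.match(msg)
    if b:
        return {"type": "blocked", "ts": m.group("ts"),
                "name": b.group("name"), "ip": b.group("ip")}
    return None


def summarize(lines):
    """Collapse attackalert lines into one record per source IP, in order of first sighting."""
    hosts = OrderedDict()
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        # Key on the IP address: the name part is only what the reverse lookup returned.
        rec = hosts.setdefault(ev["ip"], {
            "name": ev["name"], "first": ev["ts"], "last": ev["ts"],
            "ports": set(), "kinds": set(), "already_blocked": 0,
        })
        rec["last"] = ev["ts"]
        if ev["type"] == "scan":
            rec["ports"].add((ev["proto"], ev["port"]))
            rec["kinds"].add(ev["kind"])
        else:
            # Probes that arrived after the host had already been blocked.
            rec["already_blocked"] += 1
    return hosts


def flag_sweeps(hosts, min_ports=5):
    """Return the IPs that probed at least min_ports distinct ports."""
    return [ip for ip, rec in hosts.items() if len(rec["ports"]) >= min_ports]


def format_report(hosts):
    """Render one summary line per source address."""
    out = []
    for ip, rec in hosts.items():
        ports = sorted(p for _, p in rec["ports"])
        out.append("%s (%s): %d distinct ports %s, types %s, %d alerts while already blocked, %s to %s"
                   % (ip, rec["name"], len(ports), ports, sorted(rec["kinds"]),
                      rec["already_blocked"], rec["first"], rec["last"]))
    return "\n".join(out)


# Sample input. The mercury.localdomain lines follow the log shown on this page;
# the 192.0.2.10 line and the kernel line are constructed for the example.
SAMPLE = """\
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 757
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 308
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 749
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 632
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:47 venus portsentry[2146]: attackalert: SYN/Normal scan from host: mercury.localdomain/169.254.34.254 to TCP port: 996
Mar 26 12:32:47 venus portsentry[2146]: attackalert: Host: mercury.localdomain/169.254.34.254 is already blocked Ignoring
Mar 26 12:32:48 venus kernel: constructed unrelated line
Mar 26 12:32:49 venus portsentry[2146]: attackalert: SYN/Normal scan from host: 192.0.2.10/192.0.2.10 to TCP port: 111
"""

if __name__ == "__main__":
    summary = summarize(SAMPLE.splitlines())
    print(format_report(summary))
    print("Port sweeps from:", flag_sweeps(summary))
```

To run it against a real log, pass the lines of the syslog file that receives PortSentry's messages to summarize() instead of SAMPLE.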