Article 6817 at 06/09/11 11:41:18 From: bq (at mark) solarspeed.net Subject: [coba-e:06817] Re: DDoS attack

Index: [Article Count Order] [Thread]

Date:  Mon, 11 Sep 2006 04:41:03 +0200
From:  Michael Stauber <bq (at mark) solarspeed.net>
Subject:  [coba-e:06817] Re: DDoS attack
To:  coba-e (at mark) bluequartz.org
Message-Id:  <200609110441.03849.bq (at mark) solarspeed.net>
In-Reply-To:  <000f01c6d540$29762670$6400a8c0@YOUR4105E587B6>
References:  <000f01c6d540$29762670$6400a8c0@YOUR4105E587B6>
X-Mail-Count: 06817

Hi Darrell,

> My question: if using Portsentry in "anal" mode, which included ports 80
> and 110, would accessing the webserver or email cause it to detect and
> attack and block my IP address?  I have deleted those two ports since
> discovering this but want to understand what really happened.

If your Portsentry started before Apache could bind to port 80 and Xinetd 
could bind to port 110 ... then yeah. That's what locked you out.

-- 

With best regards,

Michael Stauber