My firewall is dropping a ton of IP scans.
I have opened 5666 in my firewall. Why would Nagios do what I would consider a port scan on the server that I have the client installed on?
Service: tcpmux (tcp/1) (IPT DROP) - 2 packets
Service: compressnet (tcp/3) (IPT DROP) - 2 packets
Service: echo (tcp/4) (IPT DROP) - 2 packets
Service: zip (tcp/6) (IPT DROP) - 2 packets
Service: echo (tcp/7) (IPT DROP) - 2 packets
Service: discard (tcp/9) (IPT DROP) - 2 packets
Service: daytime (tcp/13) (IPT DROP) - 2 packets
Service: qotd (tcp/17) (IPT DROP) - 2 packets
Service: chargen (tcp/19) (IPT DROP) - 2 packets
Service: ftp-data (tcp/20) (IPT DROP) - 2 packets
Service: ftp (tcp/21) (IPT DROP) - 2 packets
Service: telnet (tcp/23) (IPT DROP) - 2 packets
Service: 24 (tcp/24) (IPT DROP) - 2 packets
Service: smtp (tcp/25) (IPT DROP) - 2 packets
Service: 26 (tcp/26) (IPT DROP) - 2 packets
Service: 30 (tcp/30) (IPT DROP) - 2 packets
Service: 32 (tcp/32) (IPT DROP) - 2 packets
Service: dsp (tcp/33) (IPT DROP) - 2 packets
Service: time (tcp/37) (IPT DROP) - 2 packets
Service: name (tcp/42) (IPT DROP) - 2 packets
Service: nicname (tcp/43) (IPT DROP) - 2 packets
Service: tacacs (tcp/49) (IPT DROP) - 2 packets
Service: domain (tcp/53) (IPT DROP) - 2 packets
Service: gopher (tcp/70) (IPT DROP) - 2 packets
Service: finger (tcp/79) (IPT DROP) - 2 packets
Service: 81 (tcp/81) (IPT DROP) - 2 packets
Service: xfer (tcp/82) (IPT DROP) - 2 packets
ipt drops
Re: ipt drops
By client I assume you mean NRPE. Are you running any auto-discovery jobs? Those actually use nmap on the backend to determine what services are available on the remote host.
And while it may not be anything to worry about, you might want to review your security logs. Auto-discovery is, to my knowledge, the only thing Nagios would ever run a scan for.
Former Nagios employee
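
One way to do the log review suggested above, as an added example that is not part of the original thread: group the raw firewall drops by source address and check whether the host probing many ports is the Nagios server. It assumes the firewall logs with the iptables LOG target using the "IPT DROP" prefix seen in the summary; the function names, the abbreviated log lines and every address (192.0.2.10 stands in for the Nagios server) are constructed for illustration.

```python
import re
from collections import defaultdict

# SRC=, PROTO= and DPT= are fields written by the iptables LOG target.
FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

def scan_sources(lines, prefix="IPT DROP", min_ports=10):
    """Return {source_ip: sorted distinct TCP ports} for every source that was
    dropped on at least min_ports different destination ports."""
    ports = defaultdict(set)
    for entry in lines:
        if prefix not in entry:
            continue
        f = dict(FIELD.findall(entry))
        if f.get("PROTO") != "TCP" or "SRC" not in f or not f.get("DPT", "").isdigit():
            continue  # not TCP, or a truncated/malformed entry
        ports[f["SRC"]].add(int(f["DPT"]))
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}

def classify(scanners, nagios_ips):
    """Split scanning sources into expected (monitoring server) and unexpected."""
    expected = {s: p for s, p in scanners.items() if s in nagios_ips}
    unexpected = {s: p for s, p in scanners.items() if s not in nagios_ips}
    return expected, unexpected

def sample_log():
    """Constructed, abbreviated log lines; not taken from the thread."""
    def entry(src, dpt, proto="TCP"):
        return (f"Jan 10 03:12:01 web01 kernel: IPT DROP IN=eth0 OUT= SRC={src} "
                f"DST=192.0.2.20 LEN=44 TTL=52 PROTO={proto} SPT=40312 DPT={dpt} SYN")
    nagios_ports = [1, 3, 4, 6, 7, 9, 13, 17, 19, 20, 21, 23]
    log = [entry("192.0.2.10", p) for p in nagios_ports for _ in range(2)]
    log += [entry("203.0.113.50", p) for p in range(1, 16)]       # unknown scanner
    log += [entry("198.51.100.7", 22) for _ in range(5)]          # one port only
    log += [entry("198.51.100.7", p, "UDP") for p in range(1, 30)]  # not TCP
    return log

if __name__ == "__main__":
    expected, unexpected = classify(scan_sources(sample_log()), {"192.0.2.10"})
    for label, group in (("expected", expected), ("UNEXPECTED", unexpected)):
        for src, hit in group.items():
            print(f"{label}: {src} probed {len(hit)} TCP ports: {hit}")
```

A source listed as unexpected is not covered by the auto-discovery explanation and is the part of the log that deserves a closer look.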