It seem that some one or somebody from China keep scanning my servers ports, I guess he or she are try to get into my servers. Luckly I installed portsentry and firewall.

Does anybody got this kind of problem on a Cobalt servers envirnment?

Try editing /etc/hosts.deny
add a line like this:
(so example: ALL: 244.)

I think that should work... correct me if I'm wrong please...
This will block ALL attacks from A block 244

Well I was thinking of blocking IP from China, but I don't think is a very good idea, unless is a CC fraud situation. I just leave it as it is. I just need to pay more attaintion on my servers, check all the logs files.

By the way have you read up the thread about CC fraud at WHT forum?? They block the entire Malaysia ISP's IP to prevent fraud!!

Here's the hosts.deny file I use:
It's counterpart hosts.allow has got a few ip's in it that are allowed access. Other then those, no one is allowed in, even if they have the right passwords.

Wow Mike you seem to have a very tight security on your servers.

Well on my side, I got people mostly from China and Taiwan trying to attack my port 111(rpc.statd)

Want to find out more, go to this link:

http://www.cert.org/advisories/CA-2000-17.html

That's the benefit of having multiple fixed ip-addresses. I've got two at home, and some on other computers I have access too.
With something like that, it seemed a very good idea to limit access to the server based on ip-addresses.

It's hard enough as it is, keeping up with all kinds of patches and fixes and whatever. It's easy to miss something, so I guess every little bit helps