[ Date Index ][
Thread Index ]
[ <= Previous by date / thread ] [ Next by date / thread => ]
I have been reading up on portsentry on my linux 9 box..... I have it running at startup and I can see a process running with portsentry when I do `ps -A` as root. >From the information I have gathered (thanks Google) the way it works is this... It monitors the ports you specify in the portsentry.conf file, when it spots a portscan it adds the ip address of the scanner to the portsentry.deny file and creates a firewall entry that drops packets from the ip of the scanner. sounds simple. I`ve looked at all the files in the portsentry directory and all the files (portsentry.conf/ignore/history) are empty. I would expect some ip addresses in those files right? so.... A) portsentry setup is not right somewhere. B) I haven`t had any portscans. But,when I am using Windows, Norton firewall quite often pops up to say a portscan has been blocked. I have only been running RH9 for a couple of weeks only a clean install on a spare partition. The services I have running are anacron, atd,autofs,crond,cups,gpm, iptables,keytable,kudzu, network,portsentry,rawdevices, rhnsd,syslog. I need some guru meditation please :-) Mike -- The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.