[ Date Index ][
Thread Index ]
[ <= Previous by date / thread ] [ Next by date / thread => ]
On Tue, 2003-08-19 at 22:24, Michael Chidley wrote: > > I have been reading up on portsentry on my linux 9 box..... > > I have it running at startup and I can see a process running with portsentry > when I do `ps -A` as root. > > >From the information I have gathered (thanks Google) the way it works is > this... > > It monitors the ports you specify in the portsentry.conf file, when it spots a > portscan it adds the ip address of the scanner to the portsentry.deny file > and creates a firewall entry that drops packets from the ip of the scanner. > sounds simple. > > I`ve looked at all the files in the portsentry directory and all the files > (portsentry.conf/ignore/history) are empty. I would expect some ip addresses > in those files right? > > so.... > > A) portsentry setup is not right somewhere. > B) I haven`t had any portscans. But,when I am using Windows, Norton firewall > quite often pops up to say a portscan has been blocked. I have only been > running RH9 for a couple of weeks only a clean install on a spare partition. > > The services I have running are anacron, atd,autofs,crond,cups,gpm, > iptables,keytable,kudzu, network,portsentry,rawdevices, rhnsd,syslog. > > I need some guru meditation please :-) > > Mike > Hi Mike, Run a scan from www.grc.com (204.1.226.226) Its a free service. It could be a case of know one has had a go at your system. If not get someone you trust to run nmap over your box. Regards, Luke
Attachment:
signature.asc
Description: This is a digitally signed message part