Hey, I've just realised something...

For a while after my firewall comes up, I get a few logged DENY packets, and
an occasional portsentry attack alert, but after some time, the network
seems to go very quiet. I had checked my machine from work this afternoon,
and nothing was recorded since last night.

So, I decided to force a response and I telnetted into my machine. This
triggered the firewall and it logged the DENY packets.

Now, my situation may actually be nothing like yours... but I wonder if
your area of the network quiets down a bit (ie: stops pounding you if
no one can really see your machine)?

Any thoughts? How did the new rpms work? Have you tried them?

--Greg



> > You've gotten Logcheck from Psionic, did you also get (and install)
> > Portsentry?
>
> I certainly did.
>
> > If portsentry was tripped, and added the offending host to the route table
> > and the IP to the /etc/hosts.deny file, no packets will be logged for that
> > host anymore.
>
> 'Fraid not. No-one's got through the firewall to PortSentry. Nothing has
> been added to either /etc/portsentry/portsentry.blocked.atcp or
> /etc/portsentry/portsentry.blocked.audp so no-one's tripped it. Also I have
> PortSentry configured so that it's using ipchains, not TCP wrappers, and the
> ipchains rule it uses to block intruders includes the -l flag.
>
> > Or, is it that DENY packet logging stops altogether for ALL
> > offenders after a while?
>
> That's the sucker! A reboot cures it briefly, but you know how us Linux
> peeps hate reboots ;-)
>
> Thanks,
>
> Tony
>
>

 