On newer versions of Linux I've noticed I had to actually specify the
entire (almost) field of the entry in the routing table I wanted to remove:
ie: route del -host <IP> netmask <mask> ...... check the exact syntax for
route in the man page.  Also ... portsentry allows you to select specific
hosts that can NEVER be blocked or dropped from the routing table via a
file ..... check the documentation for Portsentry to see what the name is
(I can't remember it off hand right now) plus it will depend on how you did
the install as to where the file is located.  One thing I suggest is adding
your gateway to this IP file of allowed hosts that can not be dropped from
the routing table ...  A friend and I did some testing and found that if we
spoofed the gateway IP and did a scan on the target machine .... it would
drop the gateway from the routing table and you guessed it ... no more net
connection to the server ... the best way to avoid this is add your gateway
to the file to prevent an easy exploit  =o)

Lonny Selinger
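
Added example, not part of the original post: a check that every default gateway is covered by the PortSentry ignore file, so a scan with a forged gateway source address cannot get the gateway dropped. It assumes the file (commonly named portsentry.ignore, location depends on the install) lists one IP or IP/mask-bits entry per line and that routes come from `ip -4 route show default`; the function names and sample data are constructed for illustration.

```python
import ipaddress
import subprocess
import sys

# Constructed sample inputs (documentation addresses), not taken from the post.
SAMPLE_ROUTES = "default via 192.0.2.1 dev eth0 proto dhcp metric 100\n"
SAMPLE_IGNORE = "# hosts that must never be blocked\n127.0.0.1/32\n0.0.0.0\n"

def parse_ignore(text):
    """Return the networks listed in an ignore-file body."""
    nets = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not entry:
            continue
        try:
            # A bare IP becomes a /32; IP/bits becomes that network.
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # not an address entry, skip it
    return nets

def default_gateways(route_output):
    """Extract next-hop addresses from `ip -4 route show default` output."""
    gws = []
    for line in route_output.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] == "default" and f[1] == "via":
            gws.append(ipaddress.ip_address(f[2]))
    return gws

def unprotected_gateways(route_output, ignore_text):
    """Gateways that no ignore-file entry covers, as strings."""
    nets = parse_ignore(ignore_text)
    return [str(g) for g in default_gateways(route_output)
            if not any(g in n for n in nets)]

if __name__ == "__main__":
    # Usage: python3 check_gateway.py /path/to/ignore-file
    routes = subprocess.run(["ip", "-4", "route", "show", "default"],
                            capture_output=True, text=True, check=True).stdout
    with open(sys.argv[1]) as fh:
        missing = unprotected_gateways(routes, fh.read())
    for gw in missing:
        print(f"gateway {gw} is not in the ignore file")
    sys.exit(1 if missing else 0)
```

A non-zero exit status means at least one default gateway could still be blocked, which makes the script usable from cron or a deployment check.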


