Victor-
Could psentry be used to deny those nasty DNS floods?
i.e., let LRP build its own rule set as the flood
occurs? I don't remember it being mentioned in
relation to DNS flooding.
Seems like it would be an elegant solution and mostly
automagical.
-John
--- Victor McAllister <[EMAIL PROTECTED]> wrote:
> Date: Fri, 18 May 2001 09:22:15 -0700
> From: Victor McAllister <[EMAIL PROTECTED]>
> To: Linux Router Project <[EMAIL PROTECTED]>
> Subject: [LRP] why I like psentry.lrp
>
> I had several dial up clowns (one from Chile) trying to
> connect to port 1080 recently and in one case port 32771.
>
> May 18 06:54:24 myrouter kernel: Packet log: input DENY eth0 PROTO=6 216.155.69.226:2333 209.204.165.73:1080 L=64 S=0x60 I=5138 F=0x4000 T=107 SYN (#1)
> Notice the rule that DENYied him was rule #1. That's because
> psentry issued an ipchains command to block anything from this
> ip on any interface. This is not permanent. If you
> svi network reload - you will lose this rule.
>
> It logs them here:
> # cat /var/psentry/portsentry.blocked
> 989618008 - 05/11/101 21:53:28 Host: dialup-166.90.230.148.Dial1.Detroit1.Level3.net/ 166.90.230.148 Port: 1080 Blocked
> 989618008 - 05/11/101 21:53:28 Host: dialup-166.90.230.148.Dial1.Detroit1.Level3.net/ 166.90.230.148 Port: 1080 Blocked
> 989700778 - 05/12/101 20:52:58 Host: mail.stadsdeel-geuzenveld.org/ 194.134.249.26 Port: 32771 Blocked
> 990168864 - 05/18/101 06:54:24 Host: ip480pmtt.dialup.surnet.cl/ 216.155.69.226 Port: 1080 Blocked
>
> Apparently port 1080 is used by the SOCKS proxy server. Not
> sure what 32771 was attempting....
>
> It also puts the nasty guys number in /etc/hosts.deny for
> tcp wrappers
> ALL: 166.90.230.148
> ALL: 166.90.230.148
> ALL: 194.134.249.26
> ALL: 216.155.69.226
>
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
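
An added example, not part of the original mail or of psentry itself: a small Python parser for the `portsentry.blocked` entries quoted above, which summarises blocks per address and produces a de-duplicated `ALL:` list of the kind shown for /etc/hosts.deny. The function names are hypothetical, the sample is the quoted entries unwrapped to one per line, and tolerating optional whitespace after the `/` and an optional word before `Blocked` is an assumption.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the entries quoted in the mail, one per line.
SAMPLE = """\
989618008 - 05/11/101 21:53:28 Host: dialup-166.90.230.148.Dial1.Detroit1.Level3.net/ 166.90.230.148 Port: 1080 Blocked
989618008 - 05/11/101 21:53:28 Host: dialup-166.90.230.148.Dial1.Detroit1.Level3.net/ 166.90.230.148 Port: 1080 Blocked
989700778 - 05/12/101 20:52:58 Host: mail.stadsdeel-geuzenveld.org/ 194.134.249.26 Port: 32771 Blocked
990168864 - 05/18/101 06:54:24 Host: ip480pmtt.dialup.surnet.cl/ 216.155.69.226 Port: 1080 Blocked
"""

# The text date prints the year as 101, so the leading epoch seconds are
# used as the timestamp and the date/time fields are only skipped over.
ENTRY = re.compile(
    r"^(?P<epoch>\d+) - \S+ \S+ Host: (?P<name>\S+?)/\s*"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) Port: (?P<port>\d+)\b.*Blocked$"
)

def parse_blocked(text):
    """Return (per-IP summary dict, list of lines that did not parse)."""
    hosts, rejected = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if not m or any(int(o) > 255 for o in m["ip"].split(".")):
            rejected.append(line)  # keep malformed lines for manual review
            continue
        seen = datetime.fromtimestamp(int(m["epoch"]), tz=timezone.utc)
        h = hosts.setdefault(m["ip"], {"name": m["name"], "ports": set(),
                                       "hits": 0, "first": seen, "last": seen})
        h["ports"].add(int(m["port"]))
        h["hits"] += 1
        h["first"], h["last"] = min(h["first"], seen), max(h["last"], seen)
    return hosts, rejected

def hosts_deny_lines(hosts):
    """One 'ALL: <ip>' line per blocked address, in numeric order, no repeats."""
    order = lambda ip: tuple(int(o) for o in ip.split("."))
    return [f"ALL: {ip}" for ip in sorted(hosts, key=order)]

if __name__ == "__main__":
    hosts, rejected = parse_blocked(SAMPLE)
    for ip, h in hosts.items():
        print(ip, h["name"], sorted(h["ports"]), h["hits"], h["first"].isoformat())
    print("\n".join(hosts_deny_lines(hosts)))
    print("unparsed lines:", len(rejected))
```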