Hi, I have installed portsentry-1-0.11 and have also configured logcheck some time back on one of the servers. Today I received emails from the server as below.
My questions are:

a) What actions should I take? Please advise. I have tried configuring with the command "/sbin/iptables _I input -s $TARGET$ -j DROP". Where should I include this command, in KILL_ROUTE or in RUN_COMMAND? In both cases I cannot see the blocked IP in the iptables -L command. Sometimes I get a message in the messages file stating " using command iptables -I..."

b) I am unable to find the place where I have specified my "email address". Where can I find it, in which file?

c) I cannot find the blocked IP addresses in /var/portsentry/portsentry.blocked.tcp. I have disabled most of the services. Some services like imap, I am not able to understand how this is enabled. Also, what is NetBus and why is it shown in red color in the nmap output? My guess: it is more vulnerable.

d) How can I open a .chm file in Linux (it is a Windows help file)?

Please help.

Vijay

------------------------------------------------------------------
Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Aug 29 09:34:41 linux portsentry[634]: attackalert: Connect from host: ppp-67-117-0-151.dialup.irvnca.pacbell.net/67.117.0.151 to TCP port: 1080
Aug 29 09:34:47 linux portsentry[634]: attackalert: Connect from host: ppp-67-117-0-151.dialup.irvnca.pacbell.net/67.117.0.151 to TCP port: 1080
Aug 29 09:34:47 linux portsentry[634]: attackalert: Host: 67.117.0.151 is already blocked. Ignoring

Security Violations
=-=-=-=-=-=-=-=-=-=
Aug 29 09:34:41 linux portsentry[634]: attackalert: Connect from host: ppp-67-117-0-151.dialup.irvnca.pacbell.net/67.117.0.151 to TCP port: 1080
Aug 29 09:34:47 Linux portsentry[634]: attackalert: Connect from host: ppp-67-117-0-151.dialup.irvnca.pacbell.net/67.117.0.151 to TCP port: 1080
Aug 29 09:34:47 Linux portsentry[634]: attackalert: Host: 67.117.0.151 is already blocked. Ignoring

_______________________________________________
linux-india-help mailing list
https://lists.sourceforge.net/lists/listinfo/linux-india-help
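The alerts above say the host "is already blocked" while the message reports no matching entry in iptables -L. The following is an added example, not part of the original message or of portsentry: it summarizes the quoted alert lines per host and lists hosts that portsentry calls blocked but that have no DROP rule in an `iptables -L INPUT -n` listing. The rule listing and all function names are constructed for illustration.

```python
import re

# Alert lines copied from the message above.
SAMPLE_LOG = """\
Aug 29 09:34:41 linux portsentry[634]: attackalert: Connect from host: ppp-67-117-0-151.dialup.irvnca.pacbell.net/67.117.0.151 to TCP port: 1080
Aug 29 09:34:47 linux portsentry[634]: attackalert: Connect from host: ppp-67-117-0-151.dialup.irvnca.pacbell.net/67.117.0.151 to TCP port: 1080
Aug 29 09:34:47 linux portsentry[634]: attackalert: Host: 67.117.0.151 is already blocked. Ignoring
"""

# Constructed `iptables -L INPUT -n` listing (192.0.2.10 is a documentation address).
SAMPLE_RULES = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  192.0.2.10           0.0.0.0/0
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Only the two line shapes that appear in the message are recognised.
CONNECT = re.compile(rf"portsentry\[\d+\]: attackalert: Connect from host: \S+/({IP}) to (TCP|UDP) port: (\d+)")
BLOCKED = re.compile(rf"portsentry\[\d+\]: attackalert: Host: ({IP}) is already blocked")


def summarize(log_text):
    """Return {ip: {"probes": n, "ports": {(proto, port)}, "already_blocked": bool}}."""
    hosts = {}

    def entry(ip):
        return hosts.setdefault(ip, {"probes": 0, "ports": set(), "already_blocked": False})

    for line in log_text.splitlines():
        if m := CONNECT.search(line):
            e = entry(m.group(1))
            e["probes"] += 1
            e["ports"].add((m.group(2), int(m.group(3))))
        elif m := BLOCKED.search(line):
            entry(m.group(1))["already_blocked"] = True
    return hosts


def dropped_sources(rules_text):
    """Source addresses of DROP rules in `iptables -L -n` output."""
    fields = (line.split() for line in rules_text.splitlines())
    return {f[3] for f in fields if len(f) >= 5 and f[0] == "DROP"}


def missing_from_firewall(hosts, rules_text):
    """IPs portsentry calls 'already blocked' that have no DROP rule in the listing."""
    dropped = dropped_sources(rules_text)
    return sorted(ip for ip, e in hosts.items() if e["already_blocked"] and ip not in dropped)
```
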
