Hi George, i am the network administrator of the Portsentry's protected firewall machines, and i have followed your good suggestion.
Now, i am asking this question: Portsentry seems a good network IDS, since a possible attacker, by starting his initial system scan, is just blocked out! What do you think about?? Thank you again for your kind interest, best regards Francesco Collini Amministratore Unico ____________________________________ Collini Consulting S.a.S. Via Cervese 1420 - 47023 Cesena (FC) Tel. e Fax: ++39 0547 632314 www.colliniconsulting.it [EMAIL PROTECTED] ____________________________________________________________________________ This email message and information contained in or attached to this message may be privileged, confidential, and protected from disclosure and is intended only for the person or entity to which it is addressed. Any review, retransmission, dissemination, printing or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this message in error, please immediately inform the sender by reply e-mail and delete the message and any attachments. Thank you. -----Messaggio originale----- Da: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] conto di George Theall Inviato: sabato 19 luglio 2003 22.49 A: [EMAIL PROTECTED] Oggetto: Re: Nessus and Portsentry On Sat, Jul 19, 2003 at 04:29:15PM +0200, Francesco wrote: > while making some practise with Nessus i notice that, when examing a Linux > Firewall 2.4 with portsentry listening on, Portsentry reacts and block the > nessus-ip-machine. > > Is there a way to avoid it?? Are you authorized to perform these scans? If so, have the host (interface) running nessus added to portsentry's ignore file so it will never be blocked - problem solved. Is portsentry running in stealth mode? If not, then you should be able to slip by as long as you're not running the TCP connect scanner. If so, I'm not sure if there's a way to sneak by -- perhaps Fyodor or someone else can provide some advice. Oh, don't forget... since the Nessus host has already been blocked, you'll probably need to speak with the sysadmin of the target machine to have it unblocked before you run another scan. George -- [EMAIL PROTECTED]
