Portsentry usually adds the offending host IP to the route tables, but this
isn't always the best option anymore. You can change the KILL_ROUTE command
in /usr/local/psionic/portsentry/portsentry.conf to the following and it
will add the host IP to your ipchains rules (if you're using
ipchains--which, really, you should be):

KILL_ROUTE="/sbin/ipchains -I input -s $TARGET$ -j DENY"

If you still want these probes logged, add "-l" (lower-case "L") to the line
before the last quotation mark. With this rule added to your ipchains, all
hits from that host will be dropped regardless of type.

Hopefully portsentry is not the only protection you have against intruders.
It's a great utility, but not complete enough on its own to rely on.

--Greg

----- Original Message -----
From: "John Rye" <[EMAIL PROTECTED]>

> During the past five days Portsentry has reported several probes
> on port 1080 along with some DNS information.
>
> I understand this is the Socks Proxy port.
>
> Without disclosing (at this time) the origin of these probes,
> could someone advise me on how (or if) I should deal with/to
> them?
>
> Also, out of this, does anyone remember the 'Flint' movies
> from the 60's - I'm interested in getting hold of the alarm
> sound which was used. I think it may have been used in other
> spy spoofs but can't remember which. I'd like to use that
> as my Portsentry alarm signal.
>
> Cheers
> --
> ICQ# 89345394     Mailto: [EMAIL PROTECTED]
> "The number of UNIX installations has grown to 10, with more expected"
> (The UNIX Programmer's Manual, 2nd Edition, June 1972.)
>
>

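A way to check what the KILL_ROUTE setting discussed above does in a given portsentry.conf, as an added example that is not part of the original messages. The function names and the sample config file are constructed here for illustration.

```shell
#!/bin/sh
# Added example: list the uncommented KILL_ROUTE lines in a portsentry.conf
# and say whether each one blocks via the route table or via ipchains,
# and whether the ipchains rule also logs (-l).

# Print every uncommented KILL_ROUTE value in the file named by $1.
active_kill_routes() {
    sed -n 's/^[[:space:]]*KILL_ROUTE="\(.*\)"[[:space:]]*$/\1/p' "$1"
}

# Classify one KILL_ROUTE command string.
classify_kill_route() {
    case " $1 " in
        *ipchains*" -l "*) echo "ipchains-deny-logged" ;;
        *ipchains*)        echo "ipchains-deny" ;;
        *"route "*)        echo "route" ;;
        *)                 echo "other" ;;
    esac
}

# Report each active line; warn when more than one is uncommented.
audit_conf() {
    routes=$(active_kill_routes "$1")
    if [ -z "$routes" ]; then
        echo "no active KILL_ROUTE line"
        return 0
    fi
    printf '%s\n' "$routes" | while IFS= read -r cmd; do
        printf '%s: %s\n' "$(classify_kill_route "$cmd")" "$cmd"
    done
    n=$(printf '%s\n' "$routes" | wc -l | tr -d ' ')
    if [ "$n" -gt 1 ]; then
        echo "warning: $n active KILL_ROUTE lines, keep only one"
    fi
}

# Constructed sample config (not taken from a real host).
write_sample_conf() {
    cat > "$1" <<'EOF'
#KILL_ROUTE="/sbin/route add -host $TARGET$ reject"
KILL_ROUTE="/sbin/ipchains -I input -s $TARGET$ -j DENY -l"
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
audit_conf "$conf"
rm -f "$conf"
```

On a real system, pass the path from the message, /usr/local/psionic/portsentry/portsentry.conf, to audit_conf instead of the sample file.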