Eddie, start with reading the man page for ipchains. Then go here:
http://personal.bellsouth.net/~hburgiss/linux/ipchains.html
(thanks Hal !!)
HTH,
Mike
> -----Original Message-----
> From: Eddie Strohmier [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 25, 2000 11:39 PM
> To: [EMAIL PROTECTED]
> Subject: Re: portsentry...
>
>
> Greg:
>
> Thanks.. You're right I really need to get IPchains down. I have heard so much
> about them on the list but have not as yet taken the plunge and taken a
> serious look at implementing them on my server. But I think now is the time.
> Also yes I am sure I can block udp via IOS software but I feel that getting
> IPchains up and going would be a priority and a more rewarding learning
> experience.
>
> Thanks Again,
>
> Eddie Strohmier
> Bonwell Globalnet
> www.bonwell.com
>
>
> ----- Original Message -----
> From: Greg Wright <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, April 26, 2000 1:26 AM
> Subject: Re: portsentry...
>
>
> > Do not worry about portsentry docs, what you need to do is learn about
> > ipchains to drop any packets from anywhere you like to wherever you like :-).
> > I have not used Cisco's IOS, but surely it can control UDP packets as
> > well?
> >
> > What you will do is block all by default with ipchains, then allow what is
> > needed, you can allow specific openings for portsentry to still warn you of
> > scanners if you like.
> >
> > *********** REPLY SEPARATOR ***********
> >
> > On 26/04/00 at 1:14 Eddie Strohmier wrote:
> >
> > >Hello:
> > >
> > >Can someone point me towards some good documentation on portsentry?
> > >
> > >I have an attack reported by portsentry on my tcp port 79. I blocked this IP
> > >address, (219.109.142.99) via my cisco router using the access-deny for tcp
> > >but now the @#&tard is sending me udp packets every second to port 7,
> > >(echo) with some kind of script that is now filling my /var/log/messages
> > >very quickly with portsentry attack alerts. I assume he got pissed that I
> > >blocked his tcp access via my router. I am not familiar enough with the IOS
> > >software package that comes with the router to block udp packets from
> > >him/her. If I can't stop him with Portsentry I guess I will have to read up
> > >on the cisco software but I thought I could use Portsentry to put an end to
> > >this in some way but really need to read on how to configure it properly.
> > >Any help would be appreciated.
> > >
> > >Thanks in Advance,
> > >
> > >Eddie Strohmier
> > >Bonwell Globalnet
> >
> >
> > Regards
> >
> > Greg Wright
> > IT Consultant Sydney Australia
> >
> > --
> >
> > *** Please trim any replies ***
> > *** Please turn off HTML in your email ***
> > *** Please don't use the list for test messages ***
> > *** Why not read the archives? http://moongroup.com/redhat.phtml ***
> >
> >
> > --
> > To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> > as the Subject.
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
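
The approach Greg describes in the quoted thread (deny by default, allow what is needed, keep openings for portsentry), sketched as an added example that is not part of any message above. The server address 192.0.2.10, the service ports 22/25/80 and the helper names `emit_rules` and `rule_line` are assumptions; only the blocked address and ports 79 and 7 come from the thread. The script prints the rules as a dry run rather than applying them.

```shell
#!/bin/sh
# Added example: prints an ipchains input ruleset for review (dry run).
# Constructed values: server address, service ports. From the thread:
# the blocked source address, TCP port 79 and UDP port 7.

emit_rules() {
    attacker="$1"    # source address to drop silently
    server="$2"      # this host's address (assumed)
    services="$3"    # TCP ports that really are offered, space-separated
    traps_tcp="$4"   # TCP ports left open only so portsentry sees probes
    traps_udp="$5"   # UDP ports left open only so portsentry sees probes

    echo "ipchains -F input"
    echo "ipchains -P input DENY"
    # First match wins: drop the flooding host before any ACCEPT rule, and
    # without -l, so its packets never reach portsentry or the kernel log.
    echo "ipchains -A input -s $attacker -j DENY"
    echo "ipchains -A input -i lo -j ACCEPT"
    # Replies to connections this host opened (TCP packets without SYN set).
    echo "ipchains -A input -p tcp ! -y -d $server -j ACCEPT"
    for p in $services $traps_tcp; do
        echo "ipchains -A input -p tcp -d $server $p -j ACCEPT"
    done
    for p in $traps_udp; do
        echo "ipchains -A input -p udp -d $server $p -j ACCEPT"
    done
    # Log whatever else falls through, then deny it.
    echo "ipchains -A input -l -j DENY"
}

# Print the 1-based position of the first rule containing the string $1,
# to check ordering before anything is applied.
rule_line() {
    emit_rules 219.109.142.99 192.0.2.10 "22 25 80" "79" "7" |
        grep -n -F -e "$1" | head -n 1 | cut -d: -f1
}

emit_rules 219.109.142.99 192.0.2.10 "22 25 80" "79" "7"
```

ipchains does not track connections, so replies to the host's own DNS lookups and any ICMP it relies on need their own ACCEPT rules before a ruleset like this is applied.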