lo all, i`m running portsentry on a cobalt raq 4 webserver and i`m getting an astronomical amount of scans on port 135. I know this is one of the NetBIOS ports however all these scans are triggering portsentry to dump these people in hosts.deny I saw a post a while pack regarding the argument of portsentry auto banning and therefore restricting genuine visitors to the site if someone previous has used that host and been banned. Is there any way i can configure Portsentry to ignore Netbios scans. As just banning them doesnt seem the wisest choice in this situation.
Also if these type of people are looking for weak Netbios shares then they are obviously after windows boxes and not a threat therefore banning these lamers seems inappropriate. i`ve also had situations where people have been thrown into hosts.deny who pop their mail, therefore i dont know if i`m running in "ultra paranoid" mode. any ideas on what i could do here would be greatly appreciated. thanks in advance. rich
