TW2001 2003-02-04, 9:58 am

Hi all..
I just finished configuring Portsentry. So in running some tests I did some scans using nmapWIN over the internet to the box to test the tcpd wrappers. Working. Blocked the offending host.. OK. So I then went to the hosts denied and removed the entry. Restarted portsentry, xinetd and am unable to FTP to the box. I have made no changes to my firewall and was having no problems with FTP prior to the portscans.
What do you think?
ccieToBe 2003-02-04, 11:31 am

I ran into this problem a little over a year ago when I was testing out a portsentry config. I don't remember any specifics at this point other than the fact that it seems the denied hosts were stored in two files for some reason. What action are you having portsentry take on offending hosts? If you're adding a firewall rule or a route, etc. check that system's configuration as well. If that doesn't work, grep all of portsentry's config files for your IP.
Once you get this working I suggest setting up a cron job to delete the list of offending IPs every few months. The list can grow very large very fast and choke the processor. Also be aware of the DOS implications of running portsentry.
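The two pieces of advice in the reply above (grep every place portsentry may have recorded the host, including live firewall rules and routes, and prune the block history before it grows unbounded) can be scripted. The following is an added example written for this thread, not code from the thread's posters or from the portsentry project. It assumes nothing about your distribution: PS_DIR and the file names passed to the functions are placeholders for wherever your portsentry state files and hosts.deny actually live, and the history-line format in the comments is a constructed sample.

```shell
# Added example (not from the thread or the portsentry project).
# Finds every record of a blocked host so that an unblock does not leave a
# stale entry behind, and prunes portsentry's history file before it grows
# large enough to slow the daemon down.
# Assumption: PS_DIR is a placeholder; point it at your portsentry state dir.
PS_DIR="${PS_DIR:-/etc/portsentry}"

# escape_ip IP -> extended regex matching IP as a whole token
# (so 10.1.2.3 does not also match 10.1.2.30 or 110.1.2.3)
escape_ip() {
    ip_esc=$(printf '%s' "$1" | sed 's/\./\\./g')
    printf '(^|[^0-9.])%s([^0-9.]|$)' "$ip_esc"
}

# find_block_records IP FILE... -> prints FILE:LINENO:TEXT for every line in
# any readable FILE (hosts.deny, portsentry.history, blocked lists) naming IP
find_block_records() {
    ip="$1"; shift
    pat=$(escape_ip "$ip")
    for f in "$@"; do
        [ -r "$f" ] || continue
        # grep exits 1 on no match; the pipeline status is sed's, so no errexit trip
        grep -n -E "$pat" "$f" | sed "s|^|$f:|"
    done
}

# count_block_records IP FILE... -> total number of matching lines
count_block_records() {
    find_block_records "$@" | wc -l | tr -d ' '
}

# check_firewall IP -> live iptables rules and kernel routes still naming IP.
# These are the places a "block" action writes to outside any config file,
# which is why editing hosts.deny alone may not be enough.
check_firewall() {
    ip="$1"; pat=$(escape_ip "$ip")
    { command -v iptables >/dev/null && iptables -S 2>/dev/null | grep -E "$pat"; } || true
    { command -v ip >/dev/null && ip route show 2>/dev/null | grep -E "$pat"; } || true
    return 0
}

# prune_history FILE MAX_LINES -> if FILE has more than MAX_LINES lines, keep a
# dated copy beside it and truncate it. Returns 0 if pruned, 1 if left alone.
# Suitable for the cron job suggested above, e.g. monthly:
#   prune_history "$PS_DIR/portsentry.history" 5000
prune_history() {
    f="$1"; max="$2"
    [ -f "$f" ] || return 1
    n=$(wc -l < "$f" | tr -d ' ')
    [ "$n" -gt "$max" ] || return 1
    cp "$f" "$f.$(date +%Y%m%d)"
    : > "$f"
    return 0
}

# Usage (after removing a host from hosts.deny), with constructed file names:
#   find_block_records 10.1.2.3 /etc/hosts.deny "$PS_DIR/portsentry.history"
#   check_firewall 10.1.2.3
```

The regex built by escape_ip is the detail worth keeping: a plain `grep 10.1.2.3` also matches 10.1.2.30 and treats each dot as a wildcard, so a careless unblock can remove or report the wrong host. Run check_firewall as root, since iptables -S needs it.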
TW2001 2003-02-06, 7:42 am

Thanks for the pointers.
I have it resolved. Really, probably a warning would suffice, since I'm building the firewall on the box from scratch. I wanted something up in the interim.
ccieToBe 2003-02-06, 11:53 am

Or write a shell script that looks up the owner of the offending subnet, then fires off a friendly email with details of what a certain subscriber or employee was up to.
TW2001 2003-02-06, 2:18 pm

Done