











TW2001
Senior Member

Registered: Mar 2001 Location: Country: USA State: Certifications: A+,MCP Working on: BS CompSci
Total Posts: 1413
Portsentry
Hi all..
I just finished configuring Portsentry. So in running some tests I did some scans using nmapWIN over the internet to the box to test the tcpd wrappers. Working. Blocked the offending host.. OK. So I then went to the hosts denied and removed the entry. Restarted portsentry, xinetd and am unable to FTP to the box. I have made no changes to my firewall and was having no problems with FTP prior to the portscans.
What do you think?
__________________
You won't get wise with the sleep still in your eyes....
02-04-03 02:58 PM
ccieToBe
Wireless Fanatic

Registered: Jul 2000 Location: Blue Ridge, North Georgia Country: US State: Certifications: CCDA, CNA, MCP, Network+, A+, BSIT Working on: Security+
Total Posts: 2210
I ran into this problem a little over a year ago when I was testing out a portsentry config. I don't remember any specifics at this point other than the fact that it seems the denied hosts were stored in two files for some reason. What action are you having portsentry take on offending hosts? If you're adding a firewall rule or a route, etc., check that system's configuration as well. If that doesn't work, grep all of portsentry's config files for your IP.
Once you get this working I suggest setting up a cron job to delete the list of offending IPs every few months. The list can grow very large very fast and choke the processor. Also be aware of the DoS implications of running portsentry.
Last edited by ccieToBe on 02-04-03 at 04:34 PM
02-04-03 04:31 PM
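The "grep the files for your IP" step suggested above, as an added example that is not part of the original thread. The file names (hosts.deny, portsentry.blocked.tcp, portsentry.history) are assumptions about a typical install, the sample lines are constructed, and a block applied as a firewall rule or route is not covered by it.

```sh
#!/bin/sh
# Added example: list or remove leftover block entries for one IPv4 address.

# Build an ERE matching the address only as a whole address,
# so 192.0.2.1 does not also match 192.0.2.11 or 1192.0.2.1.
ip_regex() {
    esc=$(printf '%s' "$1" | sed 's/\./\\./g')
    printf '(^|[^0-9.])%s($|[^0-9.])' "$esc"
}

# Print file:line:text for every line in the given files that names the address.
find_block_entries() {
    ip=$1; shift
    grep -EnH -- "$(ip_regex "$ip")" "$@" 2>/dev/null
}

# Delete those lines in place, keeping FILE.bak; prints how many lines were removed.
remove_block_entries() {
    ip=$1; shift
    re=$(ip_regex "$ip")
    removed=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        n=$(grep -Ec -- "$re" "$f" || true)   # grep -c prints 0 but exits 1 on no match
        [ "$n" -gt 0 ] || continue
        cp -p "$f" "$f.bak"
        # Rewrite from the backup; exit status 1 only means the file is now empty.
        grep -Ev -- "$re" "$f.bak" > "$f" || [ $? -eq 1 ]
        removed=$((removed + n))
    done
    echo "$removed"
}

# Constructed sample files (192.0.2.0/24 is documentation address space).
make_sample() {
    printf 'ALL: 192.0.2.1\nALL: 192.0.2.11\n' > "$1/hosts.deny"
    printf '%s\n' '1044388680 - 02/04/2003 14:58:00 Host: 192.0.2.1/192.0.2.1 Port: 21 TCP Blocked' \
        > "$1/portsentry.blocked.tcp"
    cp "$1/portsentry.blocked.tcp" "$1/portsentry.history"
}

# Usage: sh script.sh IP FILE...   (lists matches only; removal is a separate call)
if [ "$#" -ge 2 ]; then find_block_entries "$@"; fi
```

Run the listing first and review the matches before calling remove_block_entries, then restart the daemon so it rereads its state files.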
TW2001
Thanks for the pointers.
I have it resolved. Really probably a warning would suffice. Since I'm building the firewall on the box from scratch, I wanted something up in the interim.
02-06-03 12:42 PM
ccieToBe
Or write a shell script that looks up the owner of the offending subnet, then fires off a friendly email with details of what a certain subscriber or employee was up to 
02-06-03 04:53 PM
ExamNotes forum archive