I would just like to tell you all about a great product.
Portsentry...I just installed it on a test server and this is the output I got in an email

Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Connect from host: 24.159.174.26/24.159.174.26 to TCP port: 111
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Connect from host: 24.159.174.26/24.159.174.26 to TCP port: 111
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Connect from host: 24.159.174.26/24.159.174.26 to TCP port: 111
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Host 24.159.174.26 has been blocked via wrappers with string: "ALL: 24.159.174.26"
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Host 24.159.174.26 has been blocked via wrappers with string: "ALL: 24.159.174.26"
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Host 24.159.174.26 has been blocked via wrappers with string: "ALL: 24.159.174.26"
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Host 24.159.174.26 has been blocked via dropped route using command: "/usr/local/bin/iptables -I INPUT -s 24.159.174.26 -j DROP"
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Host 24.159.174.26 has been blocked via dropped route using command: "/usr/local/bin/iptables -I INPUT -s 24.159.174.26 -j DROP"
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Host 24.159.174.26 has been blocked via dropped route using command: "/usr/local/bin/iptables -I INPUT -s 24.159.174.26 -j DROP"

Security Violations
=-=-=-=-=-=-=-=-=-=
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Connect from host: 24.159.174.26/24.159.174.26 to TCP port: 111
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Connect from host: 24.159.174.26/24.159.174.26 to TCP port: 111
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Connect from host: 24.159.174.26/24.159.174.26 to TCP port: 111
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Host 24.159.174.26 has been blocked via wrappers with string: "ALL: 24.159.174.26"
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Host 24.159.174.26 has been blocked via wrappers with string: "ALL: 24.159.174.26"
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Host 24.159.174.26 has been blocked via wrappers with string: "ALL: 24.159.174.26"
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Host 24.159.174.26 has been blocked via dropped route using command: "/usr/local/bin/iptables -I INPUT -s 24.159.174.26 -j DROP"
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Host 24.159.174.26 has been blocked via dropped route using command: "/usr/local/bin/iptables -I INPUT -s 24.159.174.26 -j DROP"
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Host 24.159.174.26 has been blocked via dropped route using command: "/usr/local/bin/iptables -I INPUT -s 24.159.174.26 -j DROP"

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Mar 15 02:07:36 sheeva inetd[1251]: finger/tcp (2): bind: Address already in use
Mar 15 02:07:36 sheeva inetd[1251]: finger/tcp (2): bind: Address already in use
Mar 15 02:07:36 sheeva inetd[1251]: finger/tcp (2): bind: Address already in use
Mar 15 02:17:36 sheeva inetd[1251]: finger/tcp (2): bind: Address already in use
Mar 15 02:17:36 sheeva inetd[1251]: finger/tcp (2): bind: Address already in use
Mar 15 02:17:36 sheeva inetd[1251]: finger/tcp (2): bind: Address already in use
Mar 15 02:27:36 sheeva inetd[1251]: finger/tcp (2): bind: Address already in use
Mar 15 02:27:36 sheeva inetd[1251]: finger/tcp (2): bind: Address already in use
Mar 15 02:27:36 sheeva inetd[1251]: finger/tcp (2): bind: Address already in use
Mar 15 02:37:36 sheeva inetd[1251]: finger/tcp (2): bind: Address already in use
Mar 15 02:37:36 sheeva inetd[1251]: finger/tcp (2): bind: Address already in use
Mar 15 02:37:36 sheeva inetd[1251]: finger/tcp (2): bind: Address already in use
Mar 15 02:47:36 sheeva inetd[1251]: finger/tcp (2): bind: Address already in use
Mar 15 02:47:36 sheeva inetd[1251]: finger/tcp (2): bind: Address already in use
Mar 15 02:47:36 sheeva inetd[1251]: finger/tcp (2): bind: Address already in use
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Connect from host: 24.159.174.26/24.159.174.26 to TCP port: 111
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Connect from host: 24.159.174.26/24.159.174.26 to TCP port: 111
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Connect from host: 24.159.174.26/24.159.174.26 to TCP port: 111
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Host 24.159.174.26 has been blocked via wrappers with string: "ALL: 24.159.174.26"
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Host 24.159.174.26 has been blocked via wrappers with string: "ALL: 24.159.174.26"
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Host 24.159.174.26 has been blocked via wrappers with string: "ALL: 24.159.174.26"
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Host 24.159.174.26 has been blocked via dropped route using command: "/usr/local/bin/iptables -I INPUT -s 24.159.174.26 -j DROP"
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Host 24.159.174.26 has been blocked via dropped route using command: "/usr/local/bin/iptables -I INPUT -s 24.159.174.26 -j DROP"
Mar 15 02:54:26 sheeva portsentry[96]: attackalert: Host 24.159.174.26 has been blocked via dropped route using command: "/usr/local/bin/iptables -I INPUT -s 24.159.174.26 -j DROP"
Mar 15 02:57:36 sheeva inetd[1251]: finger/tcp (2): bind: Address already in use
Mar 15 02:57:36 sheeva inetd[1251]: finger/tcp (2): bind: Address already in use
Mar 15 02:57:36 sheeva inetd[1251]: finger/tcp (2): bind: Address already in use
Mar 15 02:59:00 sheeva /USR/SBIN/CRON[3533]: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)
Mar 15 02:59:00 sheeva /USR/SBIN/CRON[3533]: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)
Mar 15 02:59:00 sheeva /USR/SBIN/CRON[3533]: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)
Mar 15 03:00:00 sheeva /USR/SBIN/CRON[3536]: (root) CMD ( /bin/sh^I/usr/local/etc/logcheck.sh)
Mar 15 03:00:00 sheeva /USR/SBIN/CRON[3536]: (root) CMD ( /bin/sh^I/usr/local/etc/logcheck.sh)
Mar 15 03:00:00 sheeva /USR/SBIN/CRON[3536]: (root) CMD ( /bin/sh^I/usr/local/etc/logcheck.sh)

File /var/log/secure cannot be read.
File /var/log/maillog cannot be read.

Cool ...my first security project.
Mike
I know, I've been using it for several months now. It works great but you have to warn your users. I had several DSL users who connected just for fun to all kinds of different ports and they were locked out. Their route was dropped...gives really friendly messages in your mailbox when you wake up :-(
regards, stijn
On Fri, 15 Mar 2002, Michael Garabedian wrote:
I would just like to tell you all about a great product.
Portsentry...I just installed it on a test server and this is the output I got in an email
Cool ...my first security project.
Mike
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
I agree that this is a very useful product. Unfortunately the additions to the iptables will be lost at reboot. If you also create entries in /etc/hosts.deny it is possible to create a simple script which reads information from /etc/hosts.deny and recreates the iptables entries.
--- Stijn Vander Maelen
I know, I've been using it for several months now. It works great but you have to warn your users. I had several DSL users who connected just for fun to all kinds of different ports and they were locked out. Their route was dropped...gives really friendly messages in your mailbox when you wake up :-(
regards, stijn
On Fri, 15 Mar 2002, Michael Garabedian wrote:
I would just like to tell you all about a great product.
Portsentry...I just installed it on a test server and this is the output I got in an email
Cool ...my first security project.
Mike
Well, I've got to tell one more thing. An evil-minded friend of mine had the following idea: I can spoof a lot of different IPs (such as www.kernel.org, www.google.com etc.... ) and connect each time to your PC. Thus an evil hacker can really disturb your connectivity. You can exclude a lot of IPs in the portsentry configuration file but you can't put every site on the net in it. Also, I noticed that when you are portscanned your hosts.deny file grows by 18KB. When the attacker has enough time he can fill up your disk with packets coming from spoofed IPs. In my opinion it's a very useful tool but you have to be very careful with it.
regards, stijn
On Fri, 15 Mar 2002, paul kaiser wrote:
i agree that this is a very useful product. unfortunately the additions to the iptables will be lost at reboot. if you also create entries in /etc/hosts.deny it is possible to create a simple script which reads information from /etc/hosts.deny and recreate the iptable entries.
--- Stijn Vander Maelen
wrote: I know, I've been using it for several months now. It works great but you have to warn your users. I had several DSL users who connected just for fun to all kinds of different ports and they were locked out. Their route was dropped...gives really friendly messages in your mailbox when you wake up :-(
regards, stijn
On Fri, 15 Mar 2002, Michael Garabedian wrote:
I would just like to tell you all about a great product.
Portsentry...I just installed it on a test server and this is the output I got in an email
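One way to write the script suggested in this thread, as an added example (not code from any of the posters or from PortSentry): it reads `ALL: <address>` entries, the form of the wrapper string in the log above, and prints one `iptables -I INPUT -s <address> -j DROP` command per unique, valid IPv4 address, skipping allowlisted hosts. The function names, the allowlist argument and the sample addresses are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: rebuild DROP rules from hosts.deny after a reboot.
# It prints the commands instead of running them, so the output can be
# reviewed first and then piped to "sh" as root.

IPTABLES="${IPTABLES:-iptables}"   # assumption: iptables is on PATH

# valid_ipv4 ADDR: succeeds only for a dotted quad with octets 0-255.
# Anything else (hostnames, netmasks, stray shell characters) is refused,
# because the generated lines are meant to be executed.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# rules_from_hosts_deny "ALLOWED ADDRS" < hosts.deny
# The argument is a space-separated list of addresses that must never
# be blocked (hypothetical allowlist, e.g. your own gateway or DNS).
rules_from_hosts_deny() {
    allow=" $1 "
    sed -n 's/^[[:space:]]*ALL:[[:space:]]*\([^[:space:]#]*\).*$/\1/p' |
    LC_ALL=C sort -u |   # repeated scans add the same host many times
    while IFS= read -r addr; do
        if valid_ipv4 "$addr"; then
            case "$allow" in
                *" $addr "*) ;;   # allowlisted: emit nothing
                *) printf '%s -I INPUT -s %s -j DROP\n' "$IPTABLES" "$addr" ;;
            esac
        fi
    done
}

# Constructed sample input (documentation addresses, not real hosts):
# a duplicate, an allowlisted host, a bad octet, a malformed entry and
# a per-service line that is not in the "ALL:" form.
sample_hosts_deny() {
cat <<'EOF'
# /etc/hosts.deny (constructed sample)
ALL: 192.0.2.10
ALL: 192.0.2.10
ALL: 198.51.100.7
ALL: 203.0.113.44
ALL: 203.0.113.999
ALL: 203.0.113.5;true
sshd: 192.0.2.99
EOF
}

sample_hosts_deny | rules_from_hosts_deny "198.51.100.7"
```

On a real system the input would be `/etc/hosts.deny` itself; deduplicating and validating each entry keeps a flood of entries from turning into a flood of rules or into unintended commands.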