Hi,
I installed "portsetry-1.0-11.i386.rpm" fine on PC-A (RedHat 7.1),
and turned it on by executing "portsentry -tcp".
I then used SAINT from PC-B (RedHat 7.2) to do heavy scan to PC-A.
I then observed many "attackalert" messages generated by portsentry
(in /var/log/messages on PC-A) which says PC-B has been blocked.
But the funny thing is I can still telnet into PC-A (from PC-B), and
I do not see any entry in /etc/hosts.deny.
Is this a correct behavior? Should my telnet be rejected by PC-A?
I remember the behavior of an older version: "portsentry-0.90.9386.rpm"
was correct, meaning PC-B will be blocked. I used to see /var/hosts.deny
has logged the IP address of PC-B, and I cannot telnet into PC-A
(from PC-B) after a heavy scan action
Is there anything wrong with "portsentry-1.0-11.i386.rpm", or the
older version "portsentry-1.0-11.i386.rpm" is better?
I appreciate any comments from you.
Thanks!
Philip
------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
