Did you specify in the portsentry config file to append attacking ipaddresses to /etc/hosts.deny? "Philip Ching (605.734.71)" wrote: > Hi, > > I installed "portsetry-1.0-11.i386.rpm" fine on PC-A (RedHat 7.1), > and turned it on by executing "portsentry -tcp". > > I then used SAINT from PC-B (RedHat 7.2) to do heavy scan to PC-A. > > I then observed many "attackalert" messages generated by portsentry > (in /var/log/messages on PC-A) which says PC-B has been blocked. > > But the funny thing is I can still telnet into PC-A (from PC-B), and > I do not see any entry in /etc/hosts.deny. > > Is this a correct behavior? Should my telnet be rejected by PC-A? > > I remember the behavior of an older version: "portsentry-0.90.9386.rpm" > was correct, meaning PC-B will be blocked. I used to see /var/hosts.deny > has logged the IP address of PC-B, and I cannot telnet into PC-A > (from PC-B) after a heavy scan action > > Is there anything wrong with "portsentry-1.0-11.i386.rpm", or the > older version "portsentry-1.0-11.i386.rpm" is better? > > I appreciate any comments from you. > > Thanks! > > Philip > > ------------------------------------------------------------------------ > To unsubscribe email security-discuss-request@linuxsecurity.com > with "unsubscribe" in the subject of the message. -- duane http://www.linuxsecurity.com/docs/HOWTO/MindTerm-SSH-HOWTO/index.html http://www.linuxsecurity.com/feature_stories/feature_story-89.html ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
