Re: Q on PortSentry


Hi Patrick,


On Tue, 19 Feb 2002, Patrick "Duane" Dunston wrote:

> Did you specify in the portsentry config file to append attacking
> IP addresses to /etc/hosts.deny?

No, I did not - I think that is my problem.

I guess the older version "portsentry-0.90.i386.rpm" did that by
default.

Thanks!

Philip


> "Philip Ching (605.734.71)" wrote:
> 
> > Hi,
> >
> > I installed "portsentry-1.0-11.i386.rpm" fine on PC-A (RedHat 7.1),
> > and turned it on by executing "portsentry -tcp".
> >
> > I then used SAINT from PC-B (RedHat 7.2) to do a heavy scan of PC-A.
> >
> > I then observed many "attackalert" messages generated by portsentry
> > (in /var/log/messages on PC-A) which say PC-B has been blocked.
> >
> > But the funny thing is I can still telnet into PC-A (from PC-B), and
> > I do not see any entry in /etc/hosts.deny.
> >
> > Is this correct behavior? Should my telnet be rejected by PC-A?
> >
> > I remember the behavior of an older version: "portsentry-0.90.9386.rpm"
> > was correct, meaning PC-B will be blocked. I used to see that /var/hosts.deny
> > had logged the IP address of PC-B, and I could not telnet into PC-A
> > (from PC-B) after a heavy scan action.
> >
> > Is there anything wrong with "portsentry-1.0-11.i386.rpm", or is the
> > older version "portsentry-1.0-11.i386.rpm" better?
> >
> > I appreciate any comments from you.
> >
> > Thanks!
> >
> > Philip
> >
> > ------------------------------------------------------------------------
> >      To unsubscribe email security-discuss-request@linuxsecurity.com
> >          with "unsubscribe" in the subject of the message.
> 
> --
> duane
> 
> http://www.linuxsecurity.com/docs/HOWTO/MindTerm-SSH-HOWTO/index.html
> http://www.linuxsecurity.com/feature_stories/feature_story-89.html
> 
> 
> 