Hi Patrick,

In my default portsentry.config file I see a section on TCP Wrapper:

#TCP Wrapper
....
KILL_HOST_DENY="All: $TARGET$"
....
#KILL_HOST_DENY="ALL: $TARGET$ : DENY"
....

This means PC-B (the scanner/attacker) should be blocked by default.
But that is not happening.

Also, I looked at the portsentry.config file for the older version:
portsentry-0.90.i386.rpm and the TCP Wrapper section is the same. But the
older version does block PC-B.

Any idea?

Thanks!

Philip

On Tue, 19 Feb 2002, Patrick "Duane" Dunston wrote:

> Did you specify in the portsentry config file to append attacking
> IP addresses to /etc/hosts.deny?
>
> "Philip Ching (605.734.71)" wrote:
>
> > Hi,
> >
> > I installed "portsentry-1.0-11.i386.rpm" fine on PC-A (RedHat 7.1),
> > and turned it on by executing "portsentry -tcp".
> >
> > I then used SAINT from PC-B (RedHat 7.2) to do a heavy scan of PC-A.
> >
> > I then observed many "attackalert" messages generated by portsentry
> > (in /var/log/messages on PC-A) which say PC-B has been blocked.
> >
> > But the funny thing is I can still telnet into PC-A (from PC-B), and
> > I do not see any entry in /etc/hosts.deny.
> >
> > Is this a correct behavior? Should my telnet be rejected by PC-A?
> >
> > I remember the behavior of an older version: "portsentry-0.90.9386.rpm"
> > was correct, meaning PC-B will be blocked. I used to see /var/hosts.deny
> > has logged the IP address of PC-B, and I cannot telnet into PC-A
> > (from PC-B) after a heavy scan action.
> >
> > Is there anything wrong with "portsentry-1.0-11.i386.rpm", or the
> > older version "portsentry-1.0-11.i386.rpm" is better?
> >
> > I appreciate any comments from you.
> >
> > Thanks!
> >
> > Philip
> >
> > ------------------------------------------------------------------------
> > To unsubscribe email security-discuss-request@linuxsecurity.com
> > with "unsubscribe" in the subject of the message.
>
> --
> duane
>
> http://www.linuxsecurity.com/docs/HOWTO/MindTerm-SSH-HOWTO/index.html
> http://www.linuxsecurity.com/feature_stories/feature_story-89.html