[NTLUG:Discuss] strange networking problem

A.L.Lambert alambert at manisec.com
Mon Jun 25 14:03:17 CDT 2001


> Could you explain why portsentry does this? Thanks a lot.

	Because that's what portsentry is supposed to do.  It monitors
ports that typically are never used, and when it sees an IP address trying
to access those ports, it 'blackholes' that IP address, on the assumption
that something "Bad (tm)" was being attempted by the host who was
attempting to access an unused port on your machine.

	I don't know what that box you've got on .5 is doing to cause
portsentry to shut it down (you'll have to dig around in your portsentry
logs to find the answer to that), but based on your description, it's
doing something that's setting off portsentry.

	Now, as to portsentry setup, I would guess your setup looks like
this:

Internet -> router/firewall -> your network.

	Portsentry is sitting at that router/firewall position in the
topology.  Under most circumstances, you would place the machines in your
internal network ("your network" in the above diagram) in portsentry's
ignorehosts list, so that you can surf freely, and do whatever you want,
but people who aren't on your network (i.e., anyone on the Internet) will be
auto-blocked if they attempt to access something on your network that you
don't want them accessing.

	Make sense?

-- A.L.Lambert
------------------------------------------------------------------------
Everything should be made as simple as possible, but not simpler.
	-Einstein
------------------------------------------------------------------------
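
An added example (not part of the original message, and not portsentry's own code): a small script for the log dig suggested above, listing internal hosts that tripped portsentry and are not covered by the ignore list. The alert line shape, the sample addresses, and the function names are assumptions constructed for illustration; adjust the pattern to what your own logs contain.

```python
import ipaddress
import re

# Assumed shape of a portsentry syslog alert line; adapt to your own logs.
ALERT = re.compile(
    r"attackalert: .*?from host: \S+?/(?P<ip>\d+\.\d+\.\d+\.\d+) "
    r"to (?P<proto>TCP|UDP) port: (?P<port>\d+)"
)

def parse_ignore(lines):
    """Turn ignore-list lines (IP or IP/bits, '#' comments) into networks."""
    nets = []
    for line in lines:
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def internal_hits(log_lines, ignore_lines, internal_cidr):
    """Return {ip: sorted [(proto, port)]} for internal hosts that tripped
    portsentry and are not covered by the ignore list."""
    internal = ipaddress.ip_network(internal_cidr)
    ignored = parse_ignore(ignore_lines)
    hits = {}
    for line in log_lines:
        m = ALERT.search(line)
        if not m:
            continue
        ip = ipaddress.ip_address(m["ip"])
        if ip in internal and not any(ip in net for net in ignored):
            hits.setdefault(str(ip), set()).add((m["proto"], int(m["port"])))
    return {ip: sorted(ports) for ip, ports in hits.items()}

# Constructed sample data (hypothetical hosts, not from the original post).
SAMPLE_LOG = [
    "Jun 25 13:58:01 gw portsentry[412]: attackalert: Connect from host: 192.168.1.5/192.168.1.5 to TCP port: 111",
    "Jun 25 13:58:03 gw portsentry[415]: attackalert: Connect from host: 192.168.1.5/192.168.1.5 to UDP port: 161",
    "Jun 25 13:59:40 gw portsentry[412]: attackalert: Connect from host: 203.0.113.7/203.0.113.7 to TCP port: 23",
]
SAMPLE_IGNORE = ["# loopback and the gateway itself", "127.0.0.1", "192.168.1.1"]

if __name__ == "__main__":
    for ip, ports in internal_hits(SAMPLE_LOG, SAMPLE_IGNORE, "192.168.1.0/24").items():
        print(ip, "not in ignore list; touched monitored ports:", ports)
```

The ports reported for an internal host show which monitored ports it touched, which is the starting point for working out what on that box is generating the traffic before deciding whether it belongs in the ignore list.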