[NTLUG:Discuss] strange networking problem

m m llliiilll at hotmail.com
Tue Jun 26 13:29:39 CDT 2001 

Lambert and all:

Thank you for the input.
I checked the ignorefile again, and .5 is missing on the list. however, 
after adding the .5 on the list and reboot the firewall box (without reboot 
the Win98),
do a quickly check, it does not work. because it just a quick check, I will 
double check again to make sure I did right.

another question:

which script file should I restart/run in stead of reboot the box for the 
change make effect? is it the /etc/rc.d/rc.local where I put the portcentry 
lines in it?

what is the file should restart/run, if I change the /etc/hosts, 
/ect/hosts.deny?

Thanks!



>From: "A.L.Lambert" <alambert at manisec.com>
>Reply-To: discuss at ntlug.org
>To: discuss at ntlug.org
>Subject: Re: [NTLUG:Discuss] strange networking problem
>Date: Mon, 25 Jun 2001 14:03:17 -0500 (CDT)
>
> > Could you explain why does portcentry this? thanks a lot.
>
>	Because that's what portsentry is supposed to do.  It monitors
>ports that typically are never used, and when it sees an IP address trying
>to access those ports, it 'blackholes' that IP address, on the assumption
>that something "Bad (tm)" was being attempted by the host who was
>attempting to access an unused port on your machine.
>
>	I don't know what that box you've got on .5 is doing to cause
>portsentry to shut it down (you'll have to dig around in your portsentry
>logs to find the answer to that), but based on your description, it's
>doing something that's setting off portsentry.
>
>	Now, as to portsentry setup, I would guess your setup looks like
>this:
>
>Internet -> router/firewall -> your network.
>
>	Portsentry is sitting at that router/firewall position in the
>topology.  Under most circumstances, you would place the machines in your
>internal network ("your network" in the above diagram) in portsentry's
>ignorehosts list, so that you can surf freely, and do whatever you want,
>but people who aren't on your network (ie: anyone on the Internet) will be
>auto-blocked if they attempt to access something on your network that you
>don't want them accessing.
>
>	Make sense?
>
>-- A.L.Lambert
>------------------------------------------------------------------------
>Everything should be made as simple as possible, but not simpler.
>	-Einstein
>------------------------------------------------------------------------
>
>_______________________________________________
>http://www.ntlug.org/mailman/listinfo/discuss

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

More information about the Discuss mailing list