portsentry? does it block IP's?

Sheldon

Well-Known Member
Jun 7, 2004
378
0
166
Canada
**Unmached entries**
11 Time(s): attackalert: Connect from host: ns1.et.pku.edu.cn/162.105.142.3 to TCP port: 111
8 Time(s): attackalert: Connect from host: ns1.gse.pku.edu.cn/162.105.142.3 to TCP port: 111
2 Time(s): attackalert: Connect from host: oldcpq.hedu.pku.edu.cn/162.105.142.3 to TCP port: 111
7 Time(s): attackalert: Connect from host: v480.gse.pku.edu.cn/162.105.142.3 to TCP port: 111
Does it block the IP's when it detects them?

Sheldon
 

damainman

Well-Known Member
Nov 13, 2003
515
0
166
Sheldon said:
thanx for the tuts..

and no I dont have APF installed..

I however have BFD installed adding the blocks to /etc/hosts.deny

Sheldon

How does your BFD work without APF?
 

Sheldon

Well-Known Member
Jun 7, 2004
378
0
166
Canada
as per conf.bfd

# Pass $ATT_HOST to firewall or other application/facility (tcpwrappers)
# i.e: BCMD="echo ALL:$ATT_HOST >> /etc/hosts.deny"
#BCMD="/etc/apf/apf -d $ATT_HOST"
change to

# Pass $ATT_HOST to firewall or other application/facility (tcpwrappers)
# i.e: BCMD="echo ALL:$ATT_HOST >> /etc/hosts.deny"
#BCMD="/etc/apf/apf -d $ATT_HOST"
BCMD="echo ALL:$ATT_HOST:DENY >> /etc/hosts.deny"
Sheldon