portsentry? does it block IP's?

[Sheldon]

**Unmached entries**
11 Time(s): attackalert: Connect from host: ns1.et.pku.edu.cn/162.105.142.3 to TCP port: 111
8 Time(s): attackalert: Connect from host: ns1.gse.pku.edu.cn/162.105.142.3 to TCP port: 111
2 Time(s): attackalert: Connect from host: oldcpq.hedu.pku.edu.cn/162.105.142.3 to TCP port: 111
7 Time(s): attackalert: Connect from host: v480.gse.pku.edu.cn/162.105.142.3 to TCP port: 111

Does it block the IP's when it detects them?

Sheldon

 

[chirpy]

Not unless you configure it to do so.

 

[Sheldon]

yeah ok.. how would I go about doing that..

where is the portsentry conf file?

 

[SarcNBit]

Here are a couple of articles discussing portsentry configuration:

http://www.securityfocus.com/infocus/1586

http://www.linuxworld.com/story/32843.htm


Do you have APF installed?

 

[Sheldon]

thanx for the tuts..

and no I dont have APF installed..

I however have BFD installed adding the blocks to /etc/hosts.deny

Sheldon

 

[SarcNBit]

I however have BFD installed adding the blocks to /etc/hosts.deny

Then that is probably what you want to do with portsentry

 

[damainman]

thanx for the tuts..

and no I dont have APF installed..

I however have BFD installed adding the blocks to /etc/hosts.deny

Sheldon

How does your BFD work without APF?

 

[Sheldon]

as per conf.bfd

# Pass $ATT_HOST to firewall or other application/facility (tcpwrappers)
# i.e: BCMD="echo ALL:$ATT_HOST >> /etc/hosts.deny"
#BCMD="/etc/apf/apf -d $ATT_HOST"

change to

# Pass $ATT_HOST to firewall or other application/facility (tcpwrappers)
# i.e: BCMD="echo ALL:$ATT_HOST >> /etc/hosts.deny"
#BCMD="/etc/apf/apf -d $ATT_HOST"
BCMD="echo ALL:$ATT_HOST:DENY >> /etc/hosts.deny"

Sheldon