search for: portsentri

I'm running CentOS 4 with Blue Quartz on a white box, and having problems with installing Portsentry vi the .tar.gz route. Various errors, etc. Anyone here know of a source, like an RPM or something, for Portsentry for CentOS? ... or a similar app? thnx, Manny

Hi, all: This is just a note and suggestion, not a question; but I really like this system and thought it might be useful to others so I decided to share. Hope it helps someone, and comments or suggestions are always welcome. 1. Overview: Shorewall accepts traffic on ports that I consider "hostile" (i.e. ports on which I would NEVER expect to see connections) and redirects

I installed portsentry and am using it with shorewall. I followed the HOWTO posted here, and I have it working together, I have gotten about 4 emails saying such IP is blocked for 5 days. However, in the /etc/portsentry dir, the only files in there are: portsentry.conf portsentry.ignore portsentry.temp.block There are no files that should be there like: portsentry.history portsentry.block -

Just dropping a note, I've built CentOS4 friendly RPMs (as well as RHEL4 and FC4) of two of my favourite tools, PortSentry and ProFTPd: ftp://ftp.pbone.net/mirror/ftp.falsehope.net/home/tengel/portsentry/CentOS4/ ftp://ftp.pbone.net/mirror/ftp.falsehope.net/home/tengel/proftpd/CentOS4/ PortSentry is built using the last known (RedHat 9 based) SPEC/patches from FreshRPMS, updated to apply

Hello, i use shorewall for a very long time (2 years or so) and i use it for nat and as firewall....i now use portsentrys to detect portscans but there is one problem...i use the HOWTO from the shorewall mailing list to make portsentry and shorewall work together....but there is one prob portscans get detected and a drop rule is added to shorewall for example shorewall drop 62.178.xxx.xx

I'm having some trouble with portsentry on CentOS. I've installed it and configured it to ignore my network. However, every 20 minutes, it reloads my iptables and basically kills any SSH sessions, etc. Any suggestions? Thanks, Todd -------------- next part -------------- An HTML attachment was scrubbed... URL:

Hi all, I appologise in advance if this is a little OT, but I am building a box that will serve as firewall and router for a small ''internet cafe / netcafe'' and am using CentOS... So here it is: What are the best tools to be used for keeping the potential script kiddies from ''harming the Internet'' :) ? I specifically want to be able to detect and prevent

Hi, after reading the docs (no man page) and seeing a few example howtos, I see none for Centos specifically. I hereby offer to write this and even host it, and any other wiki-able howto you want, if you can school me on the first few steps relevant to how to link up the current rpmforge rpm for RHEL4-64. See, right now, the one for centos loads into the /usr/share/doc, which is an odd place

I have been getting a lot of dictionary attacks against my server and want to automatically add the IP address of the offender when their failed SSH login attempts are equal to five or more. I was just going to write a dumb BASH script to do this unless there is a more intelligent way? Eric

On Wed, Feb 3, 2010 at 2:40 PM, Geoff Galitz <geoff at galitz.org> wrote: > > > > Should it be running, or not? > > > > > > >root at mercury:[~]$ netstat -ap --inet | grep rpc > > >tcp 0 0 *:sunrpc *:* > LISTEN 6458/portsentry > > >udp 0 0 localhost:filenet-rpc localhost:filenet-rpc

Hello everyone, I need a little help finding an issue one of my machines. I have 4 setup all the same way and just this one gives the errors. Here are the errors from Logwatch; ?################### LogWatch 5.2.2 (06/23/04) #################### ?--------------------- Arpwatch Begin ------------------------ Argument "4444'service' option expects either the name of a

I have a 3 nic setup with shorewall 1.4.8-1 running on redhat 9. My eth2 (dmz zone)has 7 secondary address attached to it. I can ping a machine in each subnet, dmz to net rules seem to be working fine on all machines.. I have my policy set as dmz to dmz accept. If I try to ping between subnets I get Nov 21 12:18:45 kbeewall kernel: Shorewall:FORWARD:REJECT:IN=eth2 OUT=eth2 SRC=172.17.0.2

as subject

I have a little home network with one Windows 98 PC and a pc running linux. My idea is that as soon as DSL is finally made available to my area (which I keep getting told will be real soon now) I want to route it through the linux box and up to the Windows PC, using IP masquerading, etc. At present I have samba enabled on the unix box which opens up several worthwhile conveniences to me:

So I have been reading the ssh attack thread and finally want to ask about something. I doubt there is a program like this, but I would love to have a program that listens at common ports that I do not use at all...and only allow that program to listen to it, especially the usual ssh port (using a different one for real ssh)... That program would then, upon receiving a 'sniff' or

Hi, Is there a security problem with ssh that I've missed??? Ik keep getting these hords of: Failed password for root from 69.242.5.195 port 39239 ssh2 with all kinds of different source addresses. They have a shot or 15 and then they are of again, but a little later on they're back and keep clogging my logs. Is there a "easy" way of getting these ip-numbers added to

Can anyone recommend an opensource package (preferably something centos 4X compatible) that can be used on a (iptables) firewall to block virus/trojan, etc? And maybe something for intrusion detection? Thanks! Dnk

On that Portsentry subject, anybody ran across an updated hostsentry rpm? -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20050915/f5133636/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3022 bytes

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ok...did some checking. I forgot to mention that I killed dead syslogd. Not just a -HUP but an actual kill and restarted. I did this several times. I was trying to get something else to work. Anyway, I killed it again this morning and restarted. The infect message went away immediately. Could this have been the problem? -

Hi, I have seen this come up in a couple of threads, but nothing recent. I was wondering a couple of things and was hoping someone could clarify. I have an existing working shorewall configuration (Details at end of post). >From within this config, I have a few ports redirected for use with portsentry (like the mini-howto directs forbidden port accesses to port 49999). This works