I have a few unusual problems that have crept into my system since my last
installation (Oct 6, 1999). I did a clean install of RH 6.0 and disabled
all of the unneeded daemons and blocked ports I knew I wouldn't use. I
installed Psionic Portsentry from the Psionic site and the sshd and ssh
packages from www.replay.com. Everything was working smoothly. I also
implemented a DHCP daemon and a POP3 server (using the IMAP package that
came with RH6.0). I have been able to 'ssh' into my box successfully until
about a week ago. I checked the /etc/hosts.deny file and found that the IP
addresses of any machines that I tried to 'ssh' from were entered into
hosts.deny by portsentry. I removed the entries, but the clients still
cannot connect. I get the following error:
Connection closed by foreign host
I also noticed that portsentry was putting my DHCP clients into the
hosts.deny file as well as the local machine's internal IP address and the
Internet IP address. The following addresses were in my hosts.deny file:
0.0.0.0
192.168.1.1 (This is the IP of the machine running portsentry)
192.168.1.6 (This is a machine that was trying to hit the POP3 server)
209.xxx.xxx.xxx (The static IP that my ISP assigns my machine when dialing in)
Even though I removed these entries from hosts.deny and put them in the
portsentry.ignore file, they still cannot 'ssh'. If I look at
/var/log/secure it just says that the connection was refused.
Did I miss some exploit? I've heard that there is a "portsentry killer" out
there. Has anyone else heard that?
I am reluctant to try Red Hat 6.1 because of all of the problems I've had
trying to install it on three different machines. Perhaps I should give
that one more try? And where has Red Hat buried the list of security
patches for 6.0/6.1?
Thanks,
George Lenzer