Do not worry about portsentry docs, what you need to do is learn about
ipchains to drop any packets from anywhere you like to wherever you like:-)
, I have not used Cisco's IOS , but surely it can control UDP packets as
well ?
What you will do is block all by default with ipchains, then allow what is
needed, you can allow specific openings for portsentry to still warn you of
scannners if you like.
*********** REPLY SEPARATOR ***********
On 26/04/00 at 1:14 Eddie Strohmier wrote:
>Hello:
>
>Can someone point me towards some good documentation on portsentry.
>
>I have a attack reported by portsentry on my tcp port 79. I blocked this
IP
>address, (219.109.142.99) via my cisco router using the access-deny for
tcp
>but now the @#&tard is sending me udp packets every second to port 7,
>(echo) with some kind of script that is now filling my /var/log/messages
>very quickly with portsentry attack alerts. I assume he got pissed that I
>blocked his tcp access via my router. I am not familiar enough with the
IOS
>software package that comes with the router to block udp packets from
>him/her. If I can't stop him with Portsentry I guess I will have to read
up
>on the cisco software but I thought I could use Portsentry to put an end
to
>this in some way but really need to read on how to configure it properly.
>Any help would be appreciated.
>
>Thanks in Advance,
>
>Eddie Strohmier
>Bonwell Globalnet
Regards
Greg Wright
IT Consultant Sydney Australia
--
*** Please trim any replies ***
*** Please turn off HTML in your email ***
*** Please don't use the list for test messages ***
*** Why not read the archives? http://moongroup.com/redhat.phtml ***
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
