Greg:
Thanks.. Your right I really need to get IPchains down. I have heard so much
about them on the list but have not as yet took the plunge and took a
serious look at implementing them on my server. But I think now is the time.
Also yes I am sure I can block udp via IOS software but I feel that getting
IPchains up and going would be a priority and a more rewarding learning
experience.
Thanks Again,
Eddie Strohmier
Bonwell Globalnet
www.bonwell.com
----- Original Message -----
From: Greg Wright <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 26, 2000 1:26 AM
Subject: Re: portsentry...
> Do not worry about portsentry docs, what you need to do is learn about
> ipchains to drop any packets from anywhere you like to wherever you
like:-)
> , I have not used Cisco's IOS , but surely it can control UDP packets as
> well ?
>
> What you will do is block all by default with ipchains, then allow what is
> needed, you can allow specific openings for portsentry to still warn you
of
> scannners if you like.
>
> *********** REPLY SEPARATOR ***********
>
> On 26/04/00 at 1:14 Eddie Strohmier wrote:
>
> >Hello:
> >
> >Can someone point me towards some good documentation on portsentry.
> >
> >I have a attack reported by portsentry on my tcp port 79. I blocked this
> IP
> >address, (219.109.142.99) via my cisco router using the access-deny for
> tcp
> >but now the @#&tard is sending me udp packets every second to port 7,
> >(echo) with some kind of script that is now filling my /var/log/messages
> >very quickly with portsentry attack alerts. I assume he got pissed that I
> >blocked his tcp access via my router. I am not familiar enough with the
> IOS
> >software package that comes with the router to block udp packets from
> >him/her. If I can't stop him with Portsentry I guess I will have to read
> up
> >on the cisco software but I thought I could use Portsentry to put an end
> to
> >this in some way but really need to read on how to configure it properly.
> >Any help would be appreciated.
> >
> >Thanks in Advance,
> >
> >Eddie Strohmier
> >Bonwell Globalnet
>
>
> Regards
>
> Greg Wright
> IT Consultant Sydney Australia
>
> --
>
> *** Please trim any replies ***
> *** Please turn off HTML in your email ***
> *** Please don't use the list for test messages ***
> *** Why not read the archives? http://moongroup.com/redhat.phtml ***
>
>
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
