Penetration Testing mailing list archives

Re: Am I missing something about portsentry?


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 22 May 2003 14:00:11 -0400 (EDT)


It should not take a kill and restart or even a kill -HUP of portsentry,
but, removing from the portsentry.blocked.X files and then deleting the
route should reopen access for the target/source in question.  Depending
upon the OS, the dead route points the offender to 127.0.0.1, so:

route -delete target-ip 127.0.0.1 should remove that also.

Thanks,

Ron DuFresne

On Thu, 22 May 2003, Vlad G. wrote:

In the process of pentesting a machine on local network I got locked out of
it due to port sentry. I kept spoofing MAC addresses, and finally got in
with an SMTP exploit.

Some of the admin stuff has to be done only from a specific MAC address,
but it's now locked out. I went to portsentry.history and removed the IP
address, and removed it from portsentry.blocked.udp, portsentry.blocked and
portsentry.blocked.tcp. I even added it to portsentry.ignore. The IP
address that was blacklisted is still not able to connect, I get a connection
to host lost error. I'm sure it's because portsentry.conf file has
KILL_ROUTE="/sbin/route add -host $TARGET$ reject".

I tried deleting the route, but nothing seems to be working. Any
suggestions?

thanks


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!
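
The cleanup discussed in this thread (remove the host from the portsentry.blocked.* and portsentry.history files, then undo the KILL_ROUTE entry), as an added example that is not part of the original messages. The function names and the sample log-line layout used to exercise it are assumptions, and it assumes Linux net-tools `route`, where `del` reverses `add`; the route command is printed rather than executed.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes Linux net-tools route(8),
# where "del" reverses "add"; all function names are hypothetical.

# Build an ERE that matches the address only as a whole token, so that
# 10.0.0.5 does not also match 10.0.0.50 or 110.0.0.5.
ps_ip_regex() {
    case $1 in ''|*[!0-9.]*) echo "not an IPv4 address: $1" >&2; return 2 ;; esac
    printf '(^|[^0-9.])%s([^0-9.]|$)' "$(printf '%s' "$1" | sed 's/\./\\./g')"
}

# ps_unblock DIR IP: drop IP's lines from portsentry.blocked* and
# portsentry.history in DIR, keeping a .bak copy of each changed file.
# Prints the number of lines removed.
ps_unblock() {
    re=$(ps_ip_regex "$2") || return 2
    total=0
    for f in "$1"/portsentry.blocked* "$1"/portsentry.history; do
        [ -f "$f" ] || continue
        case $f in *.bak) continue ;; esac      # skip backups from earlier runs
        n=$(grep -cE "$re" "$f" || true)        # grep -c exits 1 on zero matches
        [ "$n" -gt 0 ] || continue
        cp -p "$f" "$f.bak"
        grep -vE "$re" "$f.bak" > "$f" || true  # truncate in place, keep perms
        total=$((total + n))
    done
    echo "$total"
}

# ps_route_undo CONF IP: print (do not run) the inverse of the KILL_ROUTE
# line in portsentry.conf, with $TARGET$ replaced by IP.
ps_route_undo() {
    ps_ip_regex "$2" >/dev/null || return 2
    sed -n 's/^KILL_ROUTE="\(.*\)"[[:space:]]*$/\1/p' "$1" | head -n 1 |
        sed -e 's/\$TARGET\$/'"$2"'/g' -e 's/ add / del /'
}

# Usage: sh ps_unblock.sh STATE_DIR PORTSENTRY_CONF IP
if [ $# -eq 3 ]; then
    echo "removed $(ps_unblock "$1" "$3") line(s); now run as root:"
    ps_route_undo "$2" "$3"
fi
```

With the KILL_ROUTE quoted in the message above, the printed command is `/sbin/route del -host <ip> reject`; a dead route that points at 127.0.0.1 instead needs the OS-specific delete form.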

