Re: portsentry

[Travis Schack <Travis () Vitalisec com>]

In-Reply-To: <838D7915116649419FCF5E85774418DC0D004A () EX2K3 lccc msft>

Andrew,  

What version of iptables are you using?  What options are you using to start portsentry (-tcp, -atcp, etc...)?  

For the firewall configuration, check your PATH to iptables.  I would also recommend changing the "-I" to "-A".  The 
"-I" command needs a number to specify where in the ruleset you want the rule to be placed (i.e., "/sbin/iptables -I 
INPUT 5 -s $TARGET$ -j DROP" would insert this rule at the 5th position).  

For your TCP_Wrappers issue, are you getting any errors in the message log for this?  Have you tried scanning your 
system using another tool, like nmap?  

Just throwing some ideas out there for you.

Travis




> Hi everyone
>
> I am trying to set up portsentry on redhat enterprise AS.  I compiled
> the source correctly and edited the configuration file according to the
> directions.  The program starts fine but when I do a port scan on the
> machine with languard it doesn't place the ip address of my machine into
> the host.deny file nor does it block it through ip tables.  This worked
> fine with redhat 7.3 but I isn't working with redhat enterprise edition.
> The version of portsentry I tried is version 1.1 and 1.2 .  The kernel
> version is 2.4.21-15.0.4.ELsmp

--------------------------------------------------------------------------
FREE Network Security Webinar - How to implement IPSec security into VPN appliances 
 
New threats and vulnerabilities require new high-performance IPSec VPN solutions for network protection.
Join the security experts from SafeNet on August 26 at 1:00 PM (Eastern), and learn how to successfully integrate IPSec 
security into VPN processors and appliances to provide powerful yet cost-effective VPN solutions for your customers. 
Register now:

http://www.securityfocus.com/sponsor/SafeNet_focus-ids_040817
--------------------------------------------------------------------------