Hi yah, me again :>

Okay, Portsentry seems to be running currently under the standard -udp & -tcp modes.

I've just had an email from Cron Daemon... (now be gentle with me, I'm only a Windows man and learning :>)

Subject: Cron <root@ns> /usr/local/etc/logcheck.sh

Message exceeds maximum fixed size (10485760)
/root/dead.letter... Saved message in /root/dead.letter

I then went to root and viewed the dead.letter and it's of course 10Mb in size, and all it shows is 10Mb of the following:

Sep 19 15:48:11 ns portsentry[19597]: attackalert: Host: 208.155.xx.xx is already blocked. Ignoring
Sep 19 15:48:11 ns portsentry[19597]: attackalert: Connect from host: e0.br3.xxxxxxx.com/208.155.xx.xx to UDP port: 69

The xxx is the company from whom we lease the servers.

Now what I want to know is....

1. Can I safely delete the dead.letter from root?
2. If I want to switch off portsentry, how do I do that?
3. Obviously portsentry & logcheck seem to be working together, am I correct?
4. Do I simply ignore this port, add the IP to the ignore list in the config, or is it something I should be worried about?
5. In the manual it states that I am not to put in every IP address on the machine but to use a netmask. I haven't put any in at all, just left it at the default 127.0.0.1 & 0.0.0.0 - we have taken over this box and would like to monitor all the IPs in case of inside compromises - is this okay to do?

Many thanks in advance & regards from Auckland

Chae

Charles Riley IEng MIED CCBW
Member of the International Webmasters Association
Member of the HTML Writers Guild
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Render-Vue - <http://render-vue.com>
Web Site Design - Web Site Hosting
"Letting the world see who you really are(tm)"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
164 Maraetai Drive, Maraetai Beach, Auckland, New Zealand. 1705
Tel:- +64 9 536 6367
Mobile:- 025 291 6894

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
