RE: [Leaf-user] Portsentry on ESBeta2 questions

Fri, 13 Jul 2001 15:14:58 -0700 

[EMAIL PROTECTED] wrote:

>> I have a few questions about portsentry on Eigersteinbeta2.  The firewall
>> runs on an old 486DX266 with 16MB of RAM and works beautifully (all fans
>> disabled BTW):
>>
>> 1)  Currently when I boot the LRP box the psentry process(es) should init
>> last but usually don't run.  I always get a "no more processes at this
>> runlevel" message.  Usually this happens before either psentry process
>> starts, sometimes one does get to run.  I always have to remember to
boot,
>> then once its up do a "/etc/init.d/psentry restart:
>>
>
>svi psentry start

Victor, not sure how you are suggesting I run this command.  Where would
this go to automatically run at startup without being affected by "no more
processes..."?  Or are you just saying "svi psentry start" can be run from
anywhere vs "/etc/init.d psentry restart"?

>> 2) When I do a port scan for example from www.vulnerabilities.org, my
logs
>> fill up with deny's that eventually overflow my ramdisk.  Here's what the
>> /var/psentry/history log shows:
>>
>> "995052400 - 07/13/2001 13:26:40 Host:
www.vulnerabilities.org/199.78.61.254
>> Port: 1524 TCP Blocked"
>>
>> The issue appears to be that psentry didn't block the scanner until port
>> 1524 was tried.  I have  selected the anal port config in
portsentry.conf.
>> These are:
>
>psentry is in series with the firewall - but not ahead of it.  If the
firewall
>throws the packets in the bitbucket and logs, psentry never saw those
packets.
>Psentry is good for high ports that the firewall does not DENY.

OK.  So it sounds like I have psentry configured correctly.  What is the
standard mechanism people use to not fill up their RAM disk on a 16MB system
when a portscan that starts at low ports occurs?  Should this not be taking
out my RAM disk?

Out of curiosity, I'd think many people have the same memory config as me.
16MB system (486 or 586).  Does anyone else experience this when using one
of the port scanners at the websites listed at c0wz (i.e.
www.vulnerabilities.org)?

Thanks,
Paul Rimmer
Calgary, Alberta, Canada



_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user

Reply via email to