Greg Stewart wrote:
>
> Portsentry usually adds the offending host IP to the route tables, but this
> isn't always the best option anymore. You can change the KILL_ROUTE command
> in /usr/local/psionic/portsentry/portsentry.conf to the following and it
> will add the host IP to your ipchains rules (if you're using
> ipchains--which, really, you should be):
>
> KILL_ROUTE="/sbin/ipchains -I input -s $TARGET$ -j DENY"
>
> If you still want these probes logged, add "-l" (lower-case "L") to the line
> before the last quotation mark. With this rule added to your ipchains, all
> hits from that host will be dropped regardless of type.
>
> Hopefully portsentry is not the only protection you have against intruders.
> It's a great utility, but not complete enough on its own to rely on.
>
I'm well protected.. using ipchains, I already have your suggestion
set up.
It was more a question of whether one should attempt to 'deal to' the
offender.
I used to be continually probed when I used ICQ and Jammer on that
other opsys, and had some good results by attacking the source-site
owner, but those were not of this type.
?? What/why would a socks proxy port be probed ??
Suggestions and further discussion might be useful to other list
members.
Cheers
--
ICQ# 89345394 Mailto: [EMAIL PROTECTED]
"The number of UNIX installations has grown to 10, with more expected"
(The UNIX Programmer's Manual, 2nd Edition, June 1972.)