John Rye wrote:
>
> Greg Stewart wrote:
> >
> > Portsentry usually adds the offending host IP to the route tables, but this
> > isn't always the best option anymore. you can change the KILL_ROUTE command
> > in /usr/local/psionic/portsentry/portsentry.conf to the following and it
> > will add the host IP to your ipchains rules (if you're using
> > ipchains--which, really, you should be):
> >
> > KILL_ROUTE="/sbin/ipchains -I input -s $TARGET$ -j DENY"
> >
> > If you still want these probes logged, add "-l" (lower-case "L") to the line
> > before the last quotation mark.With this rule added to your ipchains, all
> > hits from that host will be dropped regardless of type.
> >
> > Hopefully portsentry is not the only protection you have against intruders.
> > It's a great utility, but not complete enough on it's own to rely on.
> >
>
> I'm well protected.. using ipchains, I already have your suggestion
> setup.
>
> It was more a question of whether one should attempt to 'deal to' the
> offender.
>
> I used to be continually probed when I used ICQ and Jammer on that
> other opsys, and had some good results by attacking the source-site
> owner, but those were not of this type.
>
> ?? What/why would a socks proxy port port be probed ??
>
> Suggestions and further discussion might be useful to other list
> members.
>
> Cheers
>
> --
> ICQ# 89345394 Mailto: [EMAIL PROTECTED]
> "The number of UNIX installations has grown to 10, with more expected"
> (The UNIX Programmer's Manual, 2nd Edition, June 1972.)
Some IRCd's check for open socks servers
