Definately! I'm all ears...rather I'm all eyes since I can't see with my
ears. My wife would tell you that when I'm sitting in front of this
monitor I can't hear with my ears either! :)
--
Mark
/* I never worry about the to-jams.
* Once I've stuck my foot in my mouth
* it's already too late...just make sure
* you chew them thoroughly before swallowing!
*/
Registered Linux user #182496
* Pine 4.21 *
On Mon, 16 Oct 2000 7:00am ,John Rye spake passionately in a message:
> Greg Stewart wrote:
> >
> > Portsentry usually adds the offending host IP to the route tables, but this
> > isn't always the best option anymore. you can change the KILL_ROUTE command
> > in /usr/local/psionic/portsentry/portsentry.conf to the following and it
> > will add the host IP to your ipchains rules (if you're using
> > ipchains--which, really, you should be):
> >
> > KILL_ROUTE="/sbin/ipchains -I input -s $TARGET$ -j DENY"
> >
> > If you still want these probes logged, add "-l" (lower-case "L") to the line
> > before the last quotation mark.With this rule added to your ipchains, all
> > hits from that host will be dropped regardless of type.
> >
> > Hopefully portsentry is not the only protection you have against intruders.
> > It's a great utility, but not complete enough on it's own to rely on.
> >
>
> I'm well protected.. using ipchains, I already have your suggestion
> setup.
>
> It was more a question of whether one should attempt to 'deal to' the
> offender.
>
> I used to be continually probed when I used ICQ and Jammer on that
> other opsys, and had some good results by attacking the source-site
> owner, but those were not of this type.
>
> ?? What/why would a socks proxy port port be probed ??
>
> Suggestions and further discussion might be useful to other list
> members.
>
> Cheers
>
>
