that command is blocking the one ip address ok greg stewart
if you need to block the complete 128.143 there is a different way ok
stephen
----- Original Message -----
From: "Greg Stewart" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 19, 2000 9:49 AM
Subject: Re: [newbie] Security Question
> Replace the portsentry.conf KILL_ROUTE command line with the following and
> restart portsentry:
>
> KILL_ROUTE="/sbin/ipchains -I input -s 128.143.40.230 -j DENY -l"
>
> This will insert the offending host at the top of your ipchains rules and
> you won't have to worry about receiving another entry from them again
(until
> you reboot, or flush ipchains).
>
> Is your Win98 box behind the linux machine on the internet? Or does it
have
> a direct connect through a non-firewalling router?
>
> --Greg
>
>
> ----- Original Message -----
> From: "Daniel J. Ferris" <[EMAIL PROTECTED]>
>
>
> > Portsentry reported this:
> >
> > Active System Attack Alerts
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=
> > Oct 17 20:36:51 hornet portsentry[642]: attackalert: UDP scan
> > from
> > host: 1Cust222.tnt5.phoenix2.az.da.uu.net/63.16.193.222 to UDP
> > port:
> > 161
> > Oct 17 20:36:51 hornet portsentry[642]: attackalert: Host
> > 63.16.193.222 has been blocked via wrappers with string: "ALL:
> > 63.16.193.222"
> > Oct 17 20:36:51 hornet portsentry[642]: attackalert: Host
> > 63.16.193.222 has been blocked via dropped route using command:
> > "/sbin/route add -host 63.16.193.222 reject"
> >
> > Zone alarm also reported this person did a syn scan on my win 98
> > box. Is there anything else that I should check?
> >
> > I have some ipchains rules set up, that will deny most anything
> > incoming. But I want to be on the safe side. :-)
> >
> > Dan
> >
>
>
>
____________________________________________________________________________
__
> Vous avez un site perso ?
> 2 millions de francs � gagner sur i(france) !
> Webmasters : ZE CONCOURS ! http://www.ifrance.com/_reloc/concours.emailif
>
>
>
>
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.198 / Virus Database: 95 - Release Date: 10/4/00
