Fabrice Bauzac wrote:
> Hello,
>
> 12 sept. 2020 14:09:14 Dan Ritter :
>
> > John Conover wrote:
> >>
> >> Does portsentry(1) make any sense in systems with ipv6 connectivity?
> >>
> > Yes and no. If you want to know that machines are scanni
Hello,
12 sept. 2020 14:09:14 Dan Ritter :
> John Conover wrote:
>>
>> Does portsentry(1) make any sense in systems with ipv6 connectivity?
>>
> Yes and no. If you want to know that machines are scanning
> ports, yes. If you want to effectively block IPs, no.
Why wo
John Conover wrote:
>
> Does portsentry(1) make any sense in systems with ipv6 connectivity?
>
Yes and no. If you want to know that machines are scanning
ports, yes. If you want to effectively block IPs, no.
You can, of course, block well known IPv6 addresses -- I block
Google's DNS
Does portsentry(1) make any sense in systems with ipv6 connectivity?
Thanks,
John
--
John Conover, cono...@rahul.net, http://www.johncon.com/
Good afternoon friends,
I'm going to need your help once again. I installed and configured Portsentry
and would like it to start together with the system, so that I don't have to start it
manually every time I turn on the computer. I searched the internet but
it seems that the information is
Hello,
I have installed Wheezy and am making progress configuring an internal machine
that would serve as a CRM server, vsftpd for local users, and printer. I
set up portsentry as recommended in the tutorials, which all say the same thing
(...). When the machine is scanned, 'cat /var/log/syslog | grep
portsentry
Hello,
Thanks for the reply.
Indeed, that is what I thought, but a confirmation reassures me.
All my users are in jailshells.
Portsentry works wonderfully; all scan attempts are
stopped dead.
My ports are invisible, so I escape all
Hello list,
I have a question to put to you, to
which I cannot find an answer:
I installed portsentry on a
squeeze. Iptables is already configured.
Portsentry does not detect port
scans, because it only binds the unused ports; but, obviously,
these are protected
On Sun, 30 Oct 2011 18:27:22 +0300,
debian-user-fre...@isalo.org wrote:
Hello list,
I have a question to put to you, to
which I cannot find an answer:
I installed portsentry on a
squeeze. Iptables is already configured.
Portsentry does not detect port
scans
99% of scanners scan ports randomly.
Run the tests yourself with nmap, trying the different methods.
portsentry on a squeeze.
Iptables is already configured. Portsentry does not detect port
scans, because it only binds the unused ports; but, obviously, these
are protected by iptables (INPUT DROP)... For portsentry to do its
job (banning the IPs of the bad guys) I opened ports
understood, 127.0.0.1 is in portsentry's
whitelist; otherwise the result, from the outside, is this:
nmap -PN
xxx.xxx.xxx.xxx
Starting Nmap 5.00 ( http://nmap.org ) at 2011-10-30
06:27 CET
All 1000 scanned ports on nsxx.ovh.net (xxx.xxx.xxx.xxx)
are filtered
Nmap done: 1 IP address (1
Hello,
Hello
While examining a chkrootkit report this morning, I noticed that
I have an
alert on three ports flagged as INFECTED.
I then looked at what these ports correspond to, and there I see that
they are
ports used by portsentry.
Here is the alert line I have in
Hello,
While examining a chkrootkit report this morning, I noticed that I have an
alert on three ports flagged as INFECTED.
I then looked at what these ports correspond to, and there I see that they are
ports used by portsentry.
Here is the alert line I have in my mails
It could be any IDS, since tripwire is proprietary and Portsentry has already
been killed off. It seems nobody wants to see users using these tools. I will
continue my search.
Anacleto Pavão [EMAIL PROTECTED] wrote: Does anyone have the complete
Portsentry installation package
Does anyone have the complete Portsentry installation package? I would greatly
appreciate it being sent; I found it at http://sourceforge.net/project/downloading.php, but I
can't install it. I know it is no longer alive, but an old copy would do for
me. Thanks
Hello, I installed Portsentry again and edited the
portsentry_config.h file and /etc/syslog.conf so that it logs to
/var/log/portsentry all port scanning events on my PC. But
after running from another PC the command nmap -P0 mi_host and nmap
-sU mi_host, no event shows up in the
Hello, I installed the portsentry package on my Debian just to test its
ability to detect port scans made against my PC, not
to take any action. But when I want to see the logs, and
after scanning my PC from another host using nmap -P0
mi_pc.mi_dominio, I can't
Alejandro wrote:
Hello, I installed the portsentry package on my Debian just to test its
ability to detect port scans made against my PC, not
to take any action. But when I want to see the logs, and
after scanning my
Vadim
Wed, 13 Oct 2004 11:27:57 -0700
I am running portsentry and courier, and I am getting this error in my syslog:
imapd-ssl: pmap_getmaps rpc problem: RPC: Unable to receive; errno =
Connection reset
by peer
If I stop either of the services, error stops. There is no mentioning
On 8/18/05, Ë(r)îÇk tåþîå þé(r)Ëz [EMAIL PROTECTED] wrote:
Greetings list, I have two problems; the first is that I want to install
mod_perl on debian Sarge but I get the following
I know it's not what you're asking, but here is a suggestion. Instead of
installing apache-perl, better install apache and
I have the following problem:
When I do an nmap to a portsentry protected host
I will be blocked after 3 scans with the following command:
KILL_RUN_CMD=/sbin/iptables -I INPUT -s $TARGET$ -j DROP
When I flush iptables (iptables -F) and try to nmap
the host again portsentry does not block
hosts blocked from time to time,
and you shouldn't have to restart the daemon to unblock them; just add
them to the permanent ignore list and remove the offending entry in
iptables while portsentry continues to run, which is pretty much the
default behavior you're seeing.
You could probably make a case
Hi,
I'm really not sure what's happening with portsentry, before I start the
daemon I use nmap to see the open ports:
And I get only:
22/tcp open ssh
25/tcp open smtp
80/tcp open http
111/tcp open rpcbind
Then I use netstat too, and I get something like this:
tcp0 0 0.0.0.0:111
Hi,
I'm really not sure what's happening with portsentry, before I start the
daemon I use nmap to see the open ports:
And I get only:
22/tcp open ssh
25/tcp open smtp
80/tcp open http
111/tcp open rpcbind
Then I use netstat too, and I get something like this:
tcp0 0 0.0.0.0
Hello list!
hi
I switched IMAP from cyrus to courier and now squirrelmail works
nicely, but in return portsentry has started going crazy with this IMAP ;]
I found some references to this on Google, e.g.
http://www.mail-archive.com/debian-user@lists.debian.org/msg120363.html
but unfortunately I did not find
I am running portsentry and courier, and I am getting this error in my
syslog:
imapd-ssl: pmap_getmaps rpc problem: RPC: Unable to receive; errno = Connection reset
by peer
If I stop either of the services, error stops. There is no mentioning of port 530
(courier rpc) in portsentry.conf. How
Hello,
During the last couple of weeks portsentry is producing a lot of alerts
on connects to ports 540 and 635:
quote-syslog
Feb 17 10:04:11 hostname portsentry[949]: attackalert: Connect from
host: fqdn/ip to TCP port: 635
Feb 17 10:04:11 hostname portsentry[949]: attackalert: Host ip has
Hello,
During the last couple of weeks portsentry is producing a lot of alerts
on connects to ports 540 and 635:
quote-syslog
Feb 17 10:04:11 hostname portsentry[949]: attackalert: Connect from
host: fqdn/ip to TCP port: 635
Feb 17 10:04:11 hostname portsentry[949]: attackalert: Host ip has
I signed
- Original Message -
From: Marcin [EMAIL PROTECTED]
To: debian-user-polish@lists.debian.org
Sent: Friday, January 16, 2004 12:04 AM
Subject: Re: portsentry
Hello everyone,
I don't know whether I messed something up, but if someone could give me a
sample configuration file I would be
Hello everyone,
I don't know whether I messed something up, but if someone could give me a
sample configuration file I would be grateful.,
just guessing,
did you give the full paths to the programs you want to run? (e.g.
/sbin/iptables /sbin/route) etc.?
--
Regards,
Marcin.
pcflank. At first glance, everything is OK,
stealth everywhere.
This morning, I installed portsentry with the idea that it would take over in case
the firewall went on strike. You never know, there are many strike notices for the
coming weeks ;-)
This evening, surprise: dozens of log lines informing me of the
Thomas Shemanske, 2002-Mar-11 16:46 -0500:
I have a sid system and installed portsentry on it (and several other
woody machines in the department).
I left it in log-only mode, but immediately after starting it up, I
discovered that a machine of a colleague of mine is
banging away (every
I have a sid system and installed portsentry on it (and several other
woody machines in the department).
I left it in log-only mode, but immediately after starting it up, I
discovered that a machine of a colleague of mine is
banging away (every three minutes exactly) on port 162 (snmp-trap
-dev: chkrootkit detects libproc.a as a possible component of
t0rn v8
slice: /usr/bin/slice sets false alarm about RH-Sharpe
portsentry: Portsentry by default listens to port 31337/udp, which
chkrootkit detects as malicious. chkrootkit checks for other malicious
ports, which may be bound by innocent
this warning mean and what is causing it?
Dec 20 12:02:10 tc portsentry[540]: attackalert: Possible stealth
scan from unknown host to TCP port: 111 (accept failed)
I get it when I run a 2.4 kernel but not when I run a 2.2 kernel so
I believe it's something internal to my system
On Thu, Dec 20, 2001 at 07:44:51PM +, Pollywog wrote:
On 2001.12.20 19:33 Pollywog wrote:
On 2001.12.20 19:04 [EMAIL PROTECTED] wrote:
What does this warning mean and what is causing it?
Dec 20 12:02:10 tc portsentry[540]: attackalert: Possible stealth
scan from unknown host to TCP
What does this warning mean and what is causing it?
Dec 20 12:02:10 tc portsentry[540]: attackalert: Possible stealth scan
from unknown host to TCP port: 111 (accept failed)
I get it when I run a 2.4 kernel but not when I run a 2.2 kernel so I
believe it's something internal to my system
On 2001.12.20 19:04 [EMAIL PROTECTED] wrote:
What does this warning mean and what is causing it?
Dec 20 12:02:10 tc portsentry[540]: attackalert: Possible stealth scan
from unknown host to TCP port: 111 (accept failed)
I get it when I run a 2.4 kernel but not when I run a 2.2 kernel so I
On 2001.12.20 19:33 Pollywog wrote:
On 2001.12.20 19:04 [EMAIL PROTECTED] wrote:
What does this warning mean and what is causing it?
Dec 20 12:02:10 tc portsentry[540]: attackalert: Possible stealth scan
from unknown host to TCP port: 111 (accept failed)
I get it when I run a 2.4 kernel
Prelude is (or will be) better than snort.
and Psionic Portsentry 1.1 (
http://www.linuxfocus.org/Francais/September2001/article214.shtml )?
Portsentry sux.
cf.
http://lists.debian.org/debian-french/2001/debian-french-200103/msg01022.html
and above all
http://lists.debian.org/debian-french/2001
* John Galt ([EMAIL PROTECTED]) [010718 05:28]:
locutus:~# dpkg -l|grep snort
ii snort 1.7-9 Flexible NIDS (Network Intrusion Detection S
locutus:~# dpkg -l|grep portsentry
ii portsentry 1.0-2 Portscan detection daemon
locutus:~#
For future reference, you
This is a bit off-topic. Yesterday I read a piece
at the following URL:
http://www.linux.ie/articles/portsentryandsnortcompared.php
comparing portsentry and snort.
It is the first time I have read anything negative about
portsentry.
Any comments?
Sam
--
(Sam Varghese)
http://www.gnubies.com
It is the first time I have read anything negative about portsentry.
while a lot of what the author is saying is true portsentry and snort are
two quite different things. really the only thing they have in common is
that they are designed to improve the security of your network/server
On Wed, 18 Jul 2001, Sam Varghese wrote:
This is a bit off-topic. Yesterday I read a piece
at the following URL:
http://www.linux.ie/articles/portsentryandsnortcompared.php
comparing portsentry and snort.
Next on their list is to compare apples and oranges...
It is the first time I have read
This is the same message I sent to another mailing list, I am really
frustrated.
-- Forwarded message --
Date: Fri, 15 Jun 2001 15:31:25 -0700 (PDT)
Hi All,
I am having a problem with portsentry on kernel 2.4.5 machines. When using
kernel 2.2.19 on the same machine
I am using unstable, and when trying to install portsentry and I do not get any
errors, but when
checking /etc/portsentry, the directory is completely empty, is this supposed to
be like this?
Another problem I have is when installing logcheck, debconf gives an error:
Working, please wait
47 matches