"Steven W. Orr" wrote:
> Ok Loossee. Splain it to me. The part I don't get is: How does portsentry
> see any packets at all if my basic policy is DENY? I.e., the firewall (in
> this case done with ipchains via pmfirewall) soaks up all packets and
> silently discards them. So how does portsentry ever get to think that
> *anything* is ever trying to probe me?
I don't know much about portsentry, but I think some of the stuff it does would be
like adding offending hosts to /etc/hosts.deny and whatnot, in addition to
ipchains rules, but don't quote me on that. As far as it seeing traffic, if it's like
other programs like tcpdump and snort that have the ability to bind themselves to the
interface, then it can capture the incoming traffic off the raw socket before
your kernel (ipchains/iptables) has the ability to act on it. In essence, like
being placed on the outside of a firewall.
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list