> TCP Sequence Prediction: Class=random positive increments
> Difficulty=443419 (Good luck!)
> Remote operating system guess: Linux 2.1.122 - 2.2.14
>
> I'm curious about the difficulty rating. What exactly is that? Should
> I use that as a basis to be somewhat more confident about my security,
> or is that something else?

nmap knows packet signatures of different OSes, but some
are harder to narrow down than others. Also, if you don't
have many ports open, it will have less info to work with.
It seems to think that Windows machines are easy to guess, but
Linux machines are harder, probably because they look somewhat like
BSD, SunOS, etc.

> And, despite this line, I still receive portsentry attackalerts, even
> after SIGHUP'ing inetd. So, am I smoking something here? :) I thought
> that ALL was a wildcard, and that I could use it to block all
> services. But is this wrong?

portsentry monitors connections on whatever ports you tell it, not
just ones that are open. I'm on telesys and get daily scans on port 111
and 31337. So people are trying, but not connecting b/c I have nothing
running on them. Still, I have portsentry drop them in ipchains just to be
safe. A quick 'netstat -taeup' will tell you any ports that are open and
what's running on them. inetd just keeps them from connecting -- they can
still throw packets at you. To block the packets, use a packet router.

HTH,
Dave