[lug] Interesting Crash Report
D. Stimits
stimits at idcomm.com
Tue Mar 20 20:33:57 MST 2001
Deva Samartha wrote:
>
> > I've denied about two dozen
> >/24 domains just because I dislike seeing anything hit port 111 (the
> >first packet gets them blocked).
>
> That's really neat, if possible, would you mind sharing how you do that -
> or name the software packages you use?
>
> Thanks,
>
> Samartha
>
John Starkey already gave the automated method, portsentry. I tend to
use tail -f on /var/log/messages while connected, and have a separate rc
file I list bans in. I just add the /24 by hand; with others there, I
just copy and paste then substitute the IP address in ipchains rules. So
I guess my app is vi :P
Actually, I would say being paranoid about what my firewall logs and
reading it quickly/acting on it is the number one tool.
D. Stimits, stimits at idcomm.com
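
The manual routine described in the message above (watch the firewall log, ban the /24 of anything that touches port 111), as an added example that is not part of the original post or the poster's own setup. The log lines are constructed in the ipchains "Packet log:" format with documentation addresses, and the `input` chain, `DENY` target and function names are assumptions; the rules are only printed, so they can be reviewed before being pasted into an rc file.

```shell
#!/bin/sh
# Constructed sample of kernel log lines written by ipchains rules with logging on.
# Addresses are documentation ranges, not values from the post.
sample_log() {
cat <<'EOF'
Mar 20 20:01:11 fw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.45:1021 10.0.0.5:111 L=60 S=0x00 I=4821 F=0x4000 T=52
Mar 20 20:01:12 fw kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.99:800 10.0.0.5:111 L=84 S=0x00 I=4900 F=0x0000 T=52
Mar 20 20:03:40 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.23:3345 10.0.0.5:23 L=60 S=0x00 I=112 F=0x4000 T=49
Mar 20 20:05:02 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.200:111 10.0.0.5:1024 L=60 S=0x00 I=9 F=0x4000 T=49
Mar 20 20:07:19 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.77:4002 10.0.0.5:111 L=60 S=0x00 I=77 F=0x4000 T=50
Mar 20 20:09:00 fw sshd[311]: unrelated line mentioning port 111
EOF
}

# Read log lines on stdin and print one deny rule per source /24 that sent a
# packet to the watched destination port (default 111, the portmapper).
ban_rules() {
    awk -v port="${1:-111}" '
    /Packet log:/ {
        # Source and destination "addr:port" follow the PROTO= field.
        for (i = 1; i <= NF; i++) if ($i ~ /^PROTO=/) break
        if (i + 2 > NF) next
        if (split($(i + 1), src, ":") != 2) next
        if (split($(i + 2), dst, ":") != 2) next
        if (dst[2] != port) next            # match destination port only
        if (split(src[1], o, ".") != 4) next
        for (k = 1; k <= 4; k++)
            if (o[k] !~ /^[0-9]+$/ || o[k] > 255) next   # skip malformed input
        net = o[1] "." o[2] "." o[3] ".0/24"
        if (!(net in seen)) {               # one rule per network
            seen[net] = 1
            print "ipchains -A input -s " net " -j DENY"
        }
    }'
}

# Print the candidate rules for the constructed sample.
sample_log | ban_rules 111
```

On a live system the same function can be fed from the log file instead of the sample, for example `ban_rules 111 < /var/log/messages`.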