Re: [cobalt-users] re Psionic's Log Check and Port Sentry

["Brian Curtis" <admin@xxxxxxxxxxx>]

----- Original Message -----
From: "andy" <andy@xxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Thursday, August 10, 2000 5:40 PM
Subject: [cobalt-users] re Psionic's Log Check and Port Sentry


> Hi all
> I saw a mail to this post regarding hacking and it was suggested to us
> Psionic's Log Check and Port Sentry to protect your system. Has anyone
used
> these on a Raq3.? Did iw work and is it easy to install?

I do not have it installed on a Raq 3, but the installation of Port Sentry
on standard RH boxen was quite simple and painless.  Make sure you read the
directions and configure it properly before activating it, otherwise you can
easily lock yourself out of the box when using a remote connection to your
server(s).

I did not install Psionic's Log Check since I do my own custom log
watching/parsing.

Watching Port Sentry's logfiles, it's quite entertaining to see the many .kr
& .tw addresses locked out trying to relay via POP2 & IMAP2.  Once in a
while you'll catch someone trying to connect to an oddball service port
(probably trying to exploit something).

Even though it's entertaining to see these people being dropped into an
ipchains ROUTE.DENY, you really should disable all unnecessary services on
your machines, no matter if you use something like Port Sentry or not.

BC