[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Computer Blocked From Portsentry?

Subject: Re: [cobalt-users] Computer Blocked From Portsentry?
From: "H.P. Stroebel" <hpstr@xxxxxxxxxxxxx>
Date: Wed Jul 26 17:01:03 2000
Organization: Rechtsanwalt

Mike Fritsch schrieb:
 
> We have managed to get one of our computers blocked by portsentry. 
not to difficult, so i don`t congratulate :-)

>Does
> anyone now the file that the blcoked IPs would reside in? I know rebooting
> the server does the trick but that seems hasty.

it doesn`t (or only partially).

1. delete the ip from /etc/hosts.deny

2. depending on how you configured it, you have to delete the ip adress
from the kernel`s routing table. rtfm, and check the portsentry config
file  for a line containing the command "route", there should be
several, but only one not commented (#).

if you configured it right, the command is (as root)

/sbin/route -del host <ip-adress> reject

(the reject parameter is necessary even for deleting the ip,
undocumented)

3. if you use access it often from the blocked ip-adress, you can add it
to portsentry.ignore to avoid future problems (creates the danger of
ip-spoofing, but i don`t consider that as a severe security item...)
even an ip range should work (did not test it).
-- 

H. P.  Stroebel, Germany

CGI-FAQ for Raq-Newbies :
http://users.iol.it/hpstr/

Yes, I do. But not Yahoo.

References:
- [cobalt-users] Computer Blocked From Portsentry?
  - From: Mike Fritsch

Prev by Date: Re: [cobalt-users] PGP HELP - No reply?
Next by Date: Re: [cobalt-users] Qube 2 - location of yellow_cube2.jpg and html files
Previous by thread: Re: [cobalt-users] Computer Blocked From Portsentry?
Next by thread: Re: [cobalt-users] Computer Blocked From Portsentry?

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index