Re: [cobalt-users] PortSentry works !
- Subject: Re: [cobalt-users] PortSentry works !
- From: "Carrie Bartkowiak" <ravencarrie@xxxxxxxx>
- Date: Thu Mar 15 18:35:45 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> I believe one would have to prove intent. Might be a stretch to say that
> "further offences" always follow a port scan (especially if something like
> portsentry locks them out) - (g)
But how effectively *does* portsentry lock them out?
I see them still banging away and portsentry says it's ignoring them. That
worries me because as a newbie I'm not sure what *exactly* is going on here.
The FTP exploit was to overrun the buffer so that in effect, FTP "ignored"
what else was coming through. And then the hacker had carte blanche to do
whatever he wanted to do.
I've also seen people posting this week saying "don't rely on portsentry to
solve your problems or protect your box, it should just be a heads up as to
what's going on". So that worries me too. If portsentry isn't effectively
blocking these portscanners, which we could rely on to protect ourselves,
then what is it doing?
It drops them into the hosts.deny file. Okay. Exactly what does this do?
It adds them to the /sbin/route yadda yadda table in memory. Exactly what
does that do?
I'm asking for plain-speak here, not directions to RTFM. Usually the FMs
are *not* plain-speak and don't help me very much, if at all.
Just please explain it to me in "stick the key in the ignition and turn it,
and the car starts running" mode, not the guru-style way over my head mode.
;)
Like right this instant - I've installed ipchains. I'm RTFM on how to set it
up, I've searched the archives and have gone to the recommended pages on how
to do this, and I am so lost it's not funny. Currently I'm stuck on trying
to find the exact spot in the rc scripts where the ethernet cards are
initialized so that I can put in the anti-spoofing sniglet of code I found
in the FM. But past that I'm going to end up asking someone for help
eventually.
That fell into a tangent, and I apologize. But they're still valid questions
and sorta related. (I hope.)
CarrieB