[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Portsentry help redux

Subject: Re: [cobalt-users] Portsentry help redux
From: flash22@xxxxxxx
Date: Thu Apr 5 15:15:12 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

On Thu, 5 Apr 2001, Chip wrote:

> Hi, folks.
> 
> Last week or so, there were a series of posts about removing  a 
> portsentry-blocked IP address from Sendmail.  I had the same problem and 
> followed the suggestions given:
> 
> Edited /etc/hosts.deny  and removed the IP address in question
> Ran the command "route delete -host [ip address] reject", which appeared to 
> work (no errors generated)

You didn't need to remove the route if you were rebooting...

> Added the IP address to portsentry.ignore
> Rebooted the server
> 
> Now the customer (who caused the problem by pinging a UDP port) can get Web 
> access but cannot access email (although it works fine from another machine 
> with a different IP address.)

This makes no sense, both web and email are TCP, they should have only
tripped UDP protection...
> 
> Is there something like a route table that I can look at to see if the 
> offending IP address is still there?  Or otherwise, does anyone have any 
> other suggestions?

in portsentry directory is a history file and a list of currently blocked
IP's

portsentry.history
portsentry.blocked.tcp
portsentry.blocked.udp

It's possible they tripped something on their ISP's side, some isp's are
trapping weird outgoing packets also...

I'm thinking coincidence here tho...

gsh

References:
- [cobalt-users] Portsentry help redux
  - From: Chip

Prev by Date: [cobalt-users] Can RaQ3 install AntiVirus
Next by Date: RE: [cobalt-users] Portsentry blocking everything?
Previous by thread: Re: [cobalt-users] Portsentry help redux
Next by thread: Re: [cobalt-users] Portsentry help redux

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index