Re: [cobalt-users] atn: CarrieB :) is this still current?
- Subject: Re: [cobalt-users] atn: CarrieB :) is this still current?
- From: "Carrie Bartkowiak" <ravencarrie@xxxxxxxx>
- Date: Mon May 7 10:12:02 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> Hi, Carrie-
> I'm finally getting around to installing portsentry and wondering if you
> have updated your quickstart guide, snipped below, from the archive?
The only change to that was that I *did* put PortSentry into the
startup rc.local file. (That was a note to myself that I hadn't done
it yet when writing it that night.)
If you had a clean 'make' then it shouldn't have grumbled at you. All
you have to do is configure it now.
# pico /usr/local/psionic/portsentry/portsentry.conf
Read this *very* carefully and decide what you want to do. I have mine
set on 'anal' mode, but I took some of the ports out of the line-up.
The normal mode is fine for starters. Then further down in the KILL
ROUTE section, you'll probably want the line for Linux where it drops
the offending IP into the routing table (/sbin/route add -host IPaddy
reject). That's really all there is to it, and I think those are the
default settings.
Take out the ports that you don't want it to listen on (80,81,110,
etc.) - ones that it can't bind to anyway because they're in use by
some other service (http,https,php, etc.) so that it doesn't scare you
by saying it can't connect to those ports when it starts up.
If I've missed anything I'm sure someone will hop in and scald me. ;)
> I got a bunch of DOS or something similar attack on sunday morning (RaQ4
> CPU went from 0.1 to 0.7 usage to usage of 7 !!! which has never
> happened).
Saturday that dumb 'cyber war' was still going on; could've been that
someone was trying to take out the connections at your NOC, or one of
your users pissed off someone who knows how to send ping attacks.
Could have also been a CGI script running loose, or something as
simple as one of your clients has a nudie pic hidden somewhere and the
URL for it had just gotten posted in some well-trolled newsgroup.
Wouldn't be the first time an instant flood of porn hounds had knocked
a server near unconscious on this list! :)
CarrieB
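
Added example, not part of the message above or of the PortSentry distribution: a helper that finds which TCP ports already have a listener (from `/proc/net/tcp`-style text) and removes them from the `TCP_PORTS` line of portsentry.conf, so PortSentry does not complain at startup about ports it cannot bind. The sample socket table and config excerpt are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in /proc/net/tcp layout: state 0A = LISTEN, 01 = ESTABLISHED.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st
   0: 00000000:0050 00000000:0000 0A
   1: 00000000:006E 00000000:0000 0A
   2: 0100007F:0019 00000000:0000 0A
   3: 0A00000A:C350 0A000002:0016 01
"""

# Constructed excerpt of a portsentry.conf (port list shortened for the example).
SAMPLE_CONF = """\
# TCP_PORTS="1,7,9,80"   (commented-out alternative, must stay untouched)
TCP_PORTS="1,11,15,25,79,80,110,111,119,143,540"
UDP_PORTS="1,7,9,69,161,162,513"
KILL_ROUTE="/sbin/route add -host $TARGET$ reject"
"""

def listening_ports(proc_text):
    """Return the local TCP ports in LISTEN state from /proc/net/tcp text."""
    ports = set()
    for line in proc_text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) > 3 and fields[3] == "0A":    # 0A = TCP_LISTEN
            ports.add(int(fields[1].rsplit(":", 1)[1], 16))  # hex port
    return ports

def trim_ports(conf_text, in_use, key="TCP_PORTS"):
    """Rewrite the active `key` line without ports in `in_use`.
    Returns (new_conf_text, dropped_ports); all other lines are kept as-is."""
    pattern = re.compile(r'^%s="([^"]*)"\s*$' % re.escape(key))
    out, dropped = [], []
    for line in conf_text.splitlines():
        m = pattern.match(line)                      # comments do not match
        if m:
            ports = [int(p) for p in m.group(1).split(",") if p.strip()]
            dropped += [p for p in ports if p in in_use]
            keep = [str(p) for p in ports if p not in in_use]
            line = '%s="%s"' % (key, ",".join(keep))
        out.append(line)
    return "\n".join(out) + "\n", dropped

if __name__ == "__main__":
    # On a live host, pass open("/proc/net/tcp").read() instead of the sample.
    busy = listening_ports(SAMPLE_PROC_NET_TCP)
    new_conf, dropped = trim_ports(SAMPLE_CONF, busy)
    print("dropped (already bound):", dropped)
    print(new_conf, end="")
```

`/proc/net/tcp` lists IPv4 TCP sockets only, so the `UDP_PORTS` line is left alone here.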