[cobalt-users] PortSentry not interacting with Ipchains. Help.
- Subject: [cobalt-users] PortSentry not interacting with Ipchains. Help.
- From: Cody Watkins <codyw@xxxxxxxxxxxxxxxxx>
- Date: Mon May 20 09:19:35 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Hi all,

Our data center licensed PortSentry for all of its clients. So all the
Cobalt dedicated server clients were offered a nice handy dandy .pkg file
to install PortSentry (and IPchains).

I did this last week and have been periodically checking my logs and
PortSentry is detecting and sending IPchains a block command for tons of
remote IP addresses every day. (Blocking portscanners) This is good. But
the bad thing is IPchains isn't actually blocking these IPs. I even tested
it with another computer of mine (on a different IP than the machine I
administer my Cobalt with - so I don't get locked out). Guess what?
/var/logs/messages shows that my other computer was attempting a portscan
and it blocked it. But I could still access the server on my other machine.
BAD NEWS. So I looked in the logs and it shows which command it sent to
IPchains to block my machine. So I copied it out of the logs and tried it
on the command line and this is what I got:

[root admin]# /sbin/ipchains -I PSDROP -s 200.161.146.243 -j DROP &&
/sbin/ipchains -I PSDROP -d 200.161.146.243 -j DROP
ipchains: No target by that name

This is happening every time PortSentry tries to block someone. So
something is wrong and IPchains isn't blocking all the IPs that it should
be. Any suggestions?

TIA.

Cody Watkins