Re: [cobalt-users] Portsentry => client locked himself out please advice
- Subject: Re: [cobalt-users] Portsentry => client locked himself out please advice
- From: twooly@xxxxxxxxx
- Date: Tue Sep 17 10:30:01 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> A client of ours locked himself out.
>
> The command portsentry used was:
> www portsentry[18703]: attackalert: Host XX.XX.XXX.56 has been blocked via
> dropped route using command: "/sbin/route add -host XX.XX.XXX.56 reject"
>
> We also got:
> Sep 16 21:31:54 www named[592]: ns_req: sendto([XX.XX.XXX.56].11108):
> Network is unreachable
>
> Sep 16 21:31:50 www portsentry[18703]: attackalert: Host XX.XX.XXX.56 has
> been blocked via wrappers with string: "ALL: XX.XX.XXX.56"
>
> Note that XXX is a changed IP!
> I removed the client from:
>
> portsentry.blocked.actp
> portsentry.blocked.udp
> and from the hosts.deny
>
> and restarted portsentry.
>
> But still the client has no access from that IP, which is in fact a dedicated
> DSL IP provided by his access provider.
> Am I overlooking something? Do I need to restart something more? Why does
> my client get no access to his email and websites? Please note that on his
> box no ipchains etc. is running.
>
> Please advise! Thanks in advance!
>
> Robbert
His IP is still in the routing table. Issue this command:
"/sbin/route del -host XX.XX.XXX.56 reject"
--Todd
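
The thread names three places where a PortSentry block can persist: the reject route, hosts.deny, and the portsentry.blocked.* files. The script below is an added example, not part of the original messages; it reports which of them still hold an address. The function name find_blocks is hypothetical, the sample data is constructed around the documentation address 192.0.2.56, and the route table is assumed to be net-tools `route -n` output, where a reject route carries "!" in the Flags column.

```shell
#!/bin/sh
# find_blocks IP ROUTES_FILE FILE...
#   ROUTES_FILE: saved `/sbin/route -n` output (assumed net-tools format).
#   FILE...:     hosts.deny and the portsentry.blocked.* files to inspect.
# Prints one line per place where IP is still blocked; prints nothing if clean.
find_blocks() {
    ip=$1; routes=$2; shift 2
    # Reject route: Destination equals the IP and Flags (column 4) contains "!".
    awk -v ip="$ip" '$1 == ip && $4 ~ /!/ { print "route: " $1 " flags " $4 }' "$routes"
    for f in "$@"; do
        [ -r "$f" ] || continue
        # -F: literal dots; -w: whole word, so 192.0.2.5 does not match 192.0.2.56
        if grep -qwF -- "$ip" "$f"; then echo "file: $f"; fi
    done
}

# Constructed sample state matching the thread: the deny entry and the
# blocked-history file were already cleaned, but the reject route was not.
demo() {
    d=$(mktemp -d)
    cat > "$d/routes" <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.0.2.56      -               255.255.255.255 !H    0      -        0 -
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
EOF
    printf 'ALL: 198.51.100.7\n' > "$d/hosts.deny"   # unrelated constructed entry
    : > "$d/portsentry.blocked.udp"                  # emptied history file
    find_blocks 192.0.2.56 "$d/routes" "$d/hosts.deny" "$d/portsentry.blocked.udp"
    rm -rf "$d"
}

demo
```

On a live host, save the output of `/sbin/route -n` to a file and pass it as the second argument, followed by the paths of hosts.deny and the PortSentry blocked files.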