
RE: [cobalt-users] Portsentry => client locked himself out please advice



Also, you do not have to remove him from
the portsentry.blocked files. Those are logs.

/etc/hosts.deny and the route table are all you have to
do.

You do not need to restart portsentry.

-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx] On Behalf Of
twooly@xxxxxxxxx
Sent: Tuesday, September 17, 2002 1:29 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] Portsentry => client locked himself out
please advice


> A client of ours locked himself out.
> 
> The command portsentry used was:
> www portsentry[18703]: attackalert: Host XX.XX.XXX.56 has been blocked via dropped route using command: "/sbin/route add -host XX.XX.XXX.56 reject"
> 
> We also got:
> Sep 16 21:31:54 www named[592]: ns_req: sendto([XX.XX.XXX.56].11108): Network is unreachable
> 
> Sep 16 21:31:50 www portsentry[18703]: attackalert: Host XX.XX.XXX.56 has been blocked via wrappers with string: "ALL: XX.XX.XXX.56"
> 
> Note that xxx is a changed IP !
> I removed the client from:
> 
> portsentry.blocked.actp
> portsentry.blocked.udp
> and from the hosts.deny
> 
> and restarted portsentry.
> 
> But still the client has no access from that IP, which is in fact a
> dedicated DSL IP provided by his access provider.
> Am I overlooking something? Do I need to restart something more? Why
> does my client get no access to his email and websites? Please note that
> on his box no ipchains etc. running.
> 
> Please advise! Thanks in advance!
> 
> Robbert


His IP is still in the routing table. Issue this command:
"/sbin/route del -host XX.XX.XXX.56 reject"

--Todd


_____________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users
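
The cleanup described in this thread (drop the "ALL: <ip>" wrapper line and delete the reject route), as an added shell example that is not part of the original messages. The function names are hypothetical, and it assumes net-tools `route -n` output in which a reject route carries `!` in the Flags column.

```shell
#!/bin/sh
# Added example: undo a portsentry block for a single host.
# Assumption: wrapper entries have the form "ALL: <ip>", as in the
# attackalert log line quoted in the thread.

# Remove the wrapper line for exactly this IP from a hosts.deny-style file.
# Prints the number of lines removed.
remove_wrapper_entry() {
    file=$1
    ip=$2
    tmp=$(mktemp) || return 1
    # Whole-field string compare, so 192.0.2.5 never matches 192.0.2.56.
    awk -v ip="$ip" '!(NF == 2 && $1 == "ALL:" && $2 == ip)' "$file" > "$tmp"
    removed=$(( $(wc -l < "$file") - $(wc -l < "$tmp") ))
    cat "$tmp" > "$file"    # rewrite in place to keep owner and mode
    rm -f "$tmp"
    echo "$removed"
}

# Read `route -n` output on stdin; succeed only if a reject route
# (Flags column contains '!') exists for this destination.
has_reject_route() {
    awk -v ip="$1" '$1 == ip && $4 ~ /!/ { found = 1 } END { exit !found }'
}

# Full cleanup: wrapper entry first, then the dropped route if still present.
# The portsentry.blocked.* files are left alone and portsentry is not restarted.
unblock_host() {
    ip=$1
    deny=${2:-/etc/hosts.deny}
    remove_wrapper_entry "$deny" "$ip" > /dev/null
    if /sbin/route -n | has_reject_route "$ip"; then
        /sbin/route del -host "$ip" reject
    fi
}

# Run only when an address is given, e.g.: sh unblock.sh 192.0.2.56
if [ $# -ge 1 ]; then
    unblock_host "$@"
fi
```

Checking for the reject route before deleting it makes the script safe to run twice.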