[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] stopping unwanted traffic on a RaQ3
- Subject: Re: [cobalt-users] stopping unwanted traffic on a RaQ3
- From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
- Date: Fri Dec 13 06:45:38 2002
- Organization: Befriend Internet Services LLC
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
"Kameel" <kameel@xxxxxxxxxxxxxxx> wrote:
> There's this other box on my isp's network that is broadcasting bootp
traffic.
>
> Whilst not a big deal, port sentry is picking it up and logging it,
meaning
> the log files are just getting huge and are really cumbersome to wade
> through looking for actual errors - which is a problem :-/
>
> I've blocked the IP in port sentry,
I assume you mean that PortSentry has blocked the IP using its
KILL_HOST_DENY_ALL command to add the IP to hosts.deny, blocking the IP via
tcp wrappers (or some alternate mechanism you implemented). I thought you
might have meant you've added the IP to portsentry.ignore so that this
traffic is ignored, but then related records shouldn't appear in
/var/log/messages which is what you probably mean by "logs".
> but can I do it before port sentry to
> prevent my logs from filling up with junk ?
See the commented out KILL_ROUTE commands in portsentry.conf. I suggest
installing IPCHAINS and uncommenting the appropriate line, then restarting
PortSentry. This will block access to *all* ports from that IP and it
should never be picked up by PortSentry after that. If that's not what you
want please clarify.
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/