[Dshield] port 80 "on the high side"

Brenden Walker BKWalker at DRBSystems.com
Tue Mar 25 18:29:29 GMT 2003


Examples would be nice. I'm pretty sure that I've got it all logging, but...
I know I have portsentry set up to add entries to hosts.deny as well; would
that block it before it gets to iptables?

Or, perhaps never mind... looks like I may be set up fine already:


My Portsentry conf has this:
	KILL_ROUTE="/sbin/iptables -I INPUT -s $TARGET$ -j DUMP"

IPTables DUMP: 
	$IPTABLES -N DUMP
	$IPTABLES -F DUMP
	$IPTABLES -A DUMP -p tcp -j LOG
	$IPTABLES -A DUMP -p udp -j LOG


> -----Original Message-----
> From: John Hardin [mailto:johnh at aproposretail.com] 
> Sent: Tuesday, March 25, 2003 12:52 PM
> To: General DShield Discussion List
> Subject: RE: [Dshield] port 80 "on the high side"
> 
> 
> On Mon, 2003-03-24 at 14:33, Brenden Walker wrote:
> > I've often wondered if I should turn off PortSentry, I have a feeling
> > I'm blocking a lot of the stuff I could be reporting..
> 
> Don't. Set it up so that the stuff that portsentry blocks 
> gets logged and reported.
> 
> If you're using firewall rules as the block action, just make 
> sure they log the traffic in addition to blocking it. You may 
> want to set up a separate chain for these rules so that the 
> log entries are easy to identify.
> 
> If you need help, or if people would like examples posted to 
> the list, let me know.
> 
> 
> -- 
> John Hardin  KA7OHZ  <johnh at aproposretail.com>
> Internal Systems Administrator            voice: (425) 672-1304
> Apropos Retail Management Systems, Inc.     fax: (425) 672-0192
> -----------------------------------------------------------------------
>  "To disable the Internet to save EMI and Disney is the moral
>   equivalent of burning down the library of Alexandria to ensure the
>   livelihood of monastic scribes."
>                                     -- John Ippolito of the Guggenheim
> -----------------------------------------------------------------------
>  58 days until The Matrix Reloaded
> 
> 
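
The separate log-and-block chain suggested in the quoted reply, written out as an added example that is not part of either message. The chain name DUMP and the KILL_ROUTE line come from the message; the log prefix, the IPT_RUN switch and the sample log lines are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Chain name DUMP and the KILL_ROUTE line
# are from the message; LOG_PREFIX, IPT_RUN and the sample log are assumptions.
IPTABLES=${IPTABLES:-/sbin/iptables}
LOG_PREFIX="PORTSENTRY-DUMP: "      # --log-prefix allows up to 29 characters

# Print each iptables command; execute it only when IPT_RUN=1 (needs root).
ipt() {
    if [ "${IPT_RUN:-0}" = "1" ]; then
        "$IPTABLES" "$@"
        return
    fi
    printf '%s' "$IPTABLES"
    for arg in "$@"; do
        case $arg in
            *" "*) printf ' "%s"' "$arg" ;;
            *)     printf ' %s' "$arg" ;;
        esac
    done
    printf '\n'
}

# Dedicated chain: tag the packet in the log first, then block it.
setup_dump_chain() {
    ipt -N DUMP 2>/dev/null || true     # chain may already exist
    ipt -F DUMP
    ipt -A DUMP -j LOG --log-prefix "$LOG_PREFIX"
    ipt -A DUMP -j DROP
}
# PortSentry side, as in the message:
#   KILL_ROUTE="/sbin/iptables -I INPUT -s $TARGET$ -j DUMP"

# Reduce kernel log lines carrying the prefix to "source protocol dest-port".
blocked_hits() {
    grep -F "$LOG_PREFIX" |
        sed -n 's/.*SRC=\([^ ]*\).*PROTO=\([^ ]*\).*DPT=\([0-9]*\).*/\1 \2 \3/p'
}

# Constructed sample log lines (documentation addresses), not real traffic.
sample_log() {
    cat <<'EOF'
Mar 25 18:20:01 fw kernel: PORTSENTRY-DUMP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=112 PROTO=TCP SPT=4321 DPT=80 SYN
Mar 25 18:20:07 fw kernel: IN=eth0 OUT= SRC=198.51.100.99 DST=198.51.100.5 LEN=60 TTL=50 PROTO=TCP SPT=2200 DPT=22 SYN
Mar 25 18:21:15 fw kernel: PORTSENTRY-DUMP: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=78 TTL=110 PROTO=UDP SPT=1026 DPT=137 LEN=58
EOF
}

setup_dump_chain
sample_log | blocked_hits
```

Run as-is, the script only prints the rules and the filtered sample; the prefix is what lets the PortSentry-triggered drops be pulled out of the kernel log separately from other firewall entries.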


