[Dshield] port 80 "on the high side"

John Hardin johnh at aproposretail.com
Tue Mar 25 23:24:48 GMT 2003


On Tue, 2003-03-25 at 10:29, Brenden Walker wrote:
> Examples would be nice, I'm pretty sure that I've got it all logging, but..
> I know I have portsentry setup to add entries to hosts.deny as well, would
> that block it before it gets to iptables?

No, hosts.deny is only used for TCP applications (servers) that have
tcp-wrappers support compiled in. It's one layer, but should not be the
only layer.

> Or, perhaps nevermind..looks like I may be setup fine already:
> 
> My Portsentry conf has this: 
> 	KILL_ROUTE="/sbin/iptables -I INPUT -s $TARGET$ -j DUMP

> IPTables DUMP: 
> 	$IPTABLES -N DUMP
> 	$IPTABLES -F DUMP
> 	$IPTABLES -A DUMP -p tcp -j LOG
> 	$IPTABLES -A DUMP -p udp -j LOG

Looks good. The final check: is stuff from the DUMP chain showing up in
your log file?

-- 
John Hardin  KA7OHZ                           <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
 "To disable the Internet to save EMI and Disney is the moral
  equivalent of burning down the library of Alexandria to ensure the
  livelihood of monastic scribes."
                                    -- John Ippolito of the Guggenheim
-----------------------------------------------------------------------
 58 days until The Matrix Reloaded



More information about the list mailing list