[lug] Interesting Crash Report

D. Stimits stimits at idcomm.com
Tue Mar 20 20:33:57 MST 2001

Deva Samartha wrote:
> >  I've denied about two dozen
> >/24 domains just because I dislike seeing anything hit port 111 (the
> >first packet gets them blocked).
> That's really neat, if possible, would you mind sharing how you do that -
> or name the software packages you use?
> Thanks,
> Samartha

John Starkey already gave the automated method, portsentry. I tend to
use tail -f on /var/log/messages while connected, and have a separate rc
file I list bans in. I just add the /24 by hand; with others there, I
just copy and paste then substitute the IP address in ipchains rules. So
I guess my app is vi :P

Actually, I would say being paranoid about what my firewall logs and
reading it quickly/acting on it is the number one tool.

D. Stimits, stimits at idcomm.com
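
Added example, not part of the original post: a shell function that reads ipchains "Packet log" lines, as they would appear in /var/log/messages, and prints one DENY rule per source /24 that hit port 111, ready to paste into a ban rc file. It assumes a logging rule (`-l`) already covers that port and that bans are inserted at the head of the input chain; the function name and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample log lines (documentation address ranges), in the
# ipchains "Packet log" format: chain, target, interface, PROTO=,
# source ip:port, destination ip:port.
SAMPLE_LOG='Mar 20 19:58:01 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.45:1042 192.0.2.10:111 L=60 S=0x00 I=4211 F=0x4000 T=49 (#7)
Mar 20 19:58:04 fw kernel: Packet log: input DENY eth0 PROTO=17 203.0.113.99:921 192.0.2.10:111 L=84 S=0x00 I=4390 F=0x0000 T=49 (#7)
Mar 20 20:02:17 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:3310 192.0.2.10:23 L=60 S=0x00 I=911 F=0x4000 T=52 (#9)
Mar 20 20:05:40 fw kernel: Packet log: input ACCEPT eth0 PROTO=6 192.0.2.77:1111 192.0.2.10:22 L=60 S=0x00 I=77 F=0x4000 T=64 (#2)
Mar 20 20:11:09 fw kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.200:640 192.0.2.10:111 L=84 S=0x00 I=120 F=0x0000 T=50 (#7)'

# ban_rules_for_port PORT  (hypothetical helper; log lines on stdin)
# Prints one ipchains rule per distinct source /24 that sent a TCP or
# UDP packet to PORT. Nothing is applied; the output is for review.
ban_rules_for_port() {
    awk -v port="$1" '
        /Packet log:/ {
            for (i = 1; i < NF - 1; i++) {
                if ($i !~ /^PROTO=/) continue
                # For ICMP the "port" slots hold type/code, so skip it.
                if ($i != "PROTO=6" && $i != "PROTO=17") next
                split($(i + 1), src, ":")   # source ip:port
                split($(i + 2), dst, ":")   # destination ip:port
                if (dst[2] != port) next    # match destination port only
                if (split(src[1], o, ".") != 4) next
                net = o[1] "." o[2] "." o[3] ".0/24"
                if (!(net in seen)) {       # one rule per /24
                    seen[net] = 1
                    print "ipchains -I input 1 -s " net " -j DENY"
                }
                next
            }
        }'
}

printf '%s\n' "$SAMPLE_LOG" | ban_rules_for_port 111
```

For live use, feed it the real log instead of the sample, for example `ban_rules_for_port 111 < /var/log/messages`, and read the rules before adding them.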

