> > > I think I'm getting "visited" pretty regularly and I'm trying to tighten
> > > my security.
> > > I installed Portsentry to see if I could catch some of these late night
> > > "visits" but I'm not getting anything. Should I see Portsentry running in
> > > the list of processes?
> > Yes. ps -A
> > > I've entered the following commands:
> > > /usr/psionic/portsentry/portsentry -atcp
> > > /usr/psionic/portsentry/portsentry -sudp
> > > They both seem to start and run ok except I see a process for the udp
> > > but not tcp. I monitor the messages log; the only thing that ever gets
> > > caught is an internal machine on my network trying to use port 80. I
> > > monitor the secure log and I haven't seen any more ftp visitors since
> > > turning off ftpd, but I did get a telnet visitor yesterday. I was
> > > to catch a few hits on port 21 but it's not happening.
> > > Any idea if Portsentry is even running?
> > It's running if ps -A shows it.
> > > Thanks
> > > Tom Cox
> > I used to run portsentry but I found that it generated a lot more scans
> > without it. Besides, if you have a strong chains set you really don't need
> > It doesn't do that much for you really in the way of blocking connections
> > far as I could tell. It can drop the route to that IP but then after a
> > of different IPs the routing table gets kinda big.
> > JMO
> > coffee
> I second coffee's comments: I ran portsentry for a while, but it was so
> twitchy regarding access attempts all over that in the end I gave up.
> A strong(ish) firewall with kernel logging and Psionic Logcheck mailing
> "access denied" results every so often works wonders for me.
Thanks man :)
What I've found really helpful is that after I get a basic good working firewall
configured using ipchains I just back up the configuration and then use it on
similar machines connecting to the same server. As an example, a friend of mine
email him the file and let him restore on his system.
ipchains-save > /etc/ipchains.restore
Also, for me it's easier to edit the ipchains.restore file and then restore
it after flushing the rules to update changes.
ipchains-restore < /etc/ipchains.restore
As a side note, does anyone using athome networks find 126.96.36.199 annoying?
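A reload wrapper for the edit-then-restore procedure above, as an added example that is not from the thread: it keeps a copy of the live rules before flushing, rolls them back if the edited file fails to load, and refuses a file whose input chain is left at an ACCEPT policy. The *_CMD variables, the backup path and the ":chain POLICY" line format of ipchains-save output are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): reload an edited ipchains save file
# without leaving the machine unprotected if the file turns out to be bad.
# The *_CMD variables and BACKUP_FILE are assumptions so the commands can be
# redirected; by default they are the real ipchains tools.
IPCHAINS_CMD=${IPCHAINS_CMD:-ipchains}
SAVE_CMD=${SAVE_CMD:-ipchains-save}
RESTORE_CMD=${RESTORE_CMD:-ipchains-restore}
BACKUP_FILE=${BACKUP_FILE:-/etc/ipchains.restore.bak}

# Refuse an empty file or one whose input chain policy is ACCEPT (assumes the
# ":chain POLICY" lines that ipchains-save writes at the top of its output).
check_ruleset() {
    f=$1
    [ -s "$f" ] || { echo "empty ruleset: $f" >&2; return 1; }
    if grep -q '^:input ACCEPT' "$f"; then
        echo "refusing $f: input chain policy is ACCEPT" >&2
        return 1
    fi
    return 0
}

# Save the live rules, flush, load the new file; on failure flush again and
# put the saved rules back.  Returns 0 on success, 1 if the file was refused
# or the backup could not be written, 2 if the load failed and was rolled back.
reload_ruleset() {
    new=$1
    check_ruleset "$new" || return 1
    "$SAVE_CMD" > "$BACKUP_FILE" || return 1
    "$IPCHAINS_CMD" -F || return 1
    if "$RESTORE_CMD" < "$new"; then
        return 0
    fi
    echo "loading $new failed, rolling back to $BACKUP_FILE" >&2
    "$IPCHAINS_CMD" -F
    "$RESTORE_CMD" < "$BACKUP_FILE" || echo "rollback failed too" >&2
    return 2
}
```

Run it as root with the edited file as the argument (`reload_ruleset /etc/ipchains.restore`); the backup left in BACKUP_FILE is the ruleset that was live before the reload.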