[plug] Portsentry bound to eth1 only
Mark Nold
markn at enspace.com
Tue Feb 26 10:15:32 WST 2002
Hi ppls,

Does anyone know how to configure Portsentry to ignore one interface? Basically
anything coming in off eth0 I want ignored, or I just want Portsentry bound to
eth1 (my internet connection).

I have looked at portsentry.ignore, which allows IPs, and I have put in
192.168.1.0/24, which I think means my subnet hanging off eth0, but the doco
says this isn't great as it may leave you vulnerable to IP spoofing.

BTW: For those of you who haven't heard of it (I only just did), Portsentry looks
for people accessing ports you're not using. It looks for scanning from things
like nmap or people trying to run services you're not running. Then after x
number of attempts it'll fire off an iptables (or whatever you are using,
ipchains etc.) rule to deny them all access. I also have it appending their IP
to hosts.deny. But if you set it to be too nervous it'll ban your IPs as well
:)

mn
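
The trade-off raised in the post, as an added example that is not part of the original message and is not PortSentry's own code: a toy Python model of a probe counter comparing an address-only ignore rule with an interface-aware one. The function names, the threshold of 2 and the sample traffic are constructed for illustration; the eth0/eth1 roles and the 192.168.1.0/24 range come from the post.

```python
import ipaddress
from collections import Counter

# From the post: eth0 is the LAN (192.168.1.0/24), eth1 faces the internet.
LAN = ipaddress.ip_network("192.168.1.0/24")
TRUSTED_IFACE = "eth0"

def ignore_by_ip(iface, src):
    """Address-only rule: trust anything whose source address is in the LAN range."""
    return ipaddress.ip_address(src) in LAN

def ignore_by_iface(iface, src):
    """Interface-aware rule: trust LAN addresses only when they arrive on the LAN interface."""
    return iface == TRUSTED_IFACE and ipaddress.ip_address(src) in LAN

def ignore_nothing(iface, src):
    """No ignore list at all."""
    return False

def run_detector(probes, ignore, threshold=2):
    """Count probes to unused ports per source and block a source at the threshold."""
    hits, blocked = Counter(), set()
    for iface, src, _port in probes:
        if ignore(iface, src):
            continue
        hits[src] += 1
        if hits[src] >= threshold:
            blocked.add(src)
    return blocked

# Constructed sample traffic: (interface, source IP, destination port)
PROBES = [
    ("eth0", "192.168.1.20", 23),   # LAN host touching unused ports
    ("eth0", "192.168.1.20", 111),
    ("eth1", "203.0.113.7", 23),    # external scanner
    ("eth1", "203.0.113.7", 79),
    ("eth1", "192.168.1.50", 23),   # LAN source address seen on the internet side: spoofed
    ("eth1", "192.168.1.50", 79),
]

if __name__ == "__main__":
    for name, rule in [("IP-only ignore", ignore_by_ip),
                       ("interface-aware", ignore_by_iface),
                       ("no ignore list", ignore_nothing)]:
        print(f"{name:16}", sorted(run_detector(PROBES, rule)))
```

The address-only rule lets the spoofed 192.168.1.50 probes on eth1 go uncounted, while dropping the ignore list entirely also blocks the legitimate LAN host.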