[plug] Portsentry bound to eth1 only

Niffum niffum at touch88.com.au
Tue Feb 26 11:59:23 WST 2002


Edit your firewall, and block on eth1 192.168.1.0/24.  This will stop
spoofing for packets on eth1 pretending to come from your local network.
You 'should' already do this because 192.168.1.0/24 is your controlled
network.

- Niffum

----- Original Message -----
From: "Mark Nold" <markn at enspace.com>
To: <plug at plug.org.au>
Sent: Tuesday, February 26, 2002 10:15 AM
Subject: [plug] Portsentry bound to eth1 only


Hi ppls,

Does anyone know how to configure Portsentry to ignore one interface?
Basically anything coming in off eth0 I want ignored, or I just want
Portsentry bound to eth1 (my internet connection).

I have looked at portsentry.ignore, which allows IPs, and I have put in
192.168.1.0/24, which I think means my subnet hanging off eth0, but the doco
says this isn't great, as it may leave you vulnerable to IP spoofing.

BTW: For those of you who haven't heard of it (I only just did), Portsentry
looks for people accessing ports you're not using. It looks for scanning from
things like nmap or people trying to run services you're not running. Then
after x number of attempts it'll fire off an iptables (or whatever you are
using, ipchains etc.) rule to deny them all access. I also have it appending
their IP to hosts.deny. But if you set it to be too nervous it'll ban your
IPs as well :)

mn
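
The reply's advice only protects the portsentry.ignore entry if the drop rule is reached before anything else accepts eth1 traffic. The script below is an added example, not part of either message: it checks an iptables-save dump for that ordering. The function name antispoof_ok and the three rulesets are constructed for illustration; only eth1 and 192.168.1.0/24 come from the thread.

```shell
#!/bin/sh
# eth1 and 192.168.1.0/24 are from the thread; rulesets are constructed iptables-save samples.
RULES_GOOD='*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.1.0/24 -i eth1 -j DROP
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.1.0/24 -i eth0 -j ACCEPT
COMMIT'
# DROP placed after an ACCEPT that eth1 traffic can already match.
RULES_LATE='*filter
:INPUT DROP [0:0]
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.1.0/24 -i eth1 -j DROP
COMMIT'
# No anti-spoofing rule: the LAN range is trusted on every interface.
RULES_MISSING='*filter
:INPUT DROP [0:0]
-A INPUT -s 192.168.1.0/24 -j ACCEPT
COMMIT'

# antispoof_ok RULES CHAIN IFACE NET
# Exit 0 only if, reading CHAIN top-down, an unconditional
# "-i IFACE -s NET -j DROP" comes before any ACCEPT that a packet arriving
# on IFACE with a source in NET could match. Conservative: an ACCEPT with
# extra match options still counts as a possible bypass.
antispoof_ok() {
    printf '%s\n' "$1" | awk -v chain="$2" -v ifc="$3" -v net="$4" '
        $1 == "-A" && $2 == chain {
            in_if = src = target = ""; extra = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                else if ($i == "-s") src = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i ~ /^-/ || $i == "!") extra = 1
            }
            if (in_if != "" && in_if != ifc) next   # rule is for another interface
            if (target == "DROP" && in_if == ifc && src == net && !extra) { ok = 1; exit }
            if (target == "ACCEPT" && (src == "" || src == net)) { ok = 0; exit }
        }
        END { exit (ok ? 0 : 1) }'
}

for r in "$RULES_GOOD" "$RULES_LATE" "$RULES_MISSING"; do
    antispoof_ok "$r" INPUT eth1 192.168.1.0/24 && echo "eth1: spoofed LAN source dropped" || echo "eth1: LAN source spoofable"
done
```

On a live host the first argument would be the output of iptables-save; the check assumes sources are written in CIDR form, as iptables-save prints them.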





