[sclug] External command run for host: using command: "echo \

Tom Dawes-Gamble tmdg at tmdg.co.uk
Sat Dec 31 14:10:54 UTC 2005

On Fri, 2005-12-30 at 12:04 +0000, Tim Sutton wrote:
> Hi All
> I regularly get break-in attempts on my webserver with the following log
> messages (see below). I believe the break-ins are being foiled by
> portsentry but would like to
> a) make sure no permanent damage is being done
> b) block these probes as effectively as possible (blocking the host etc)
> c) generally understand what is going on here...
> Any tips will be appreciated.

I sometimes wonder about things like portsentry.  I guess there is no
single sure way to secure the system other than locking it in a room and
not having any network connections.  :-)

If you have a server running a web server, then your system will
respond to requests on TCP port 80.  If they try to connect to UDP port
80 then nothing will respond.  I don't believe that you can make denial
of service attacks on ports that have no service on them.

IMHO as long as you are sure you only run services you *have* to run and
you configure your iptables to only allow access to those services from
hosts you know and trust, then portsentry doesn't have much to offer.

Of course portsentry will tell you when you were port scanned and by
whom. I know I get port scanned but I really don't have the time to
follow up who is doing it. So I just try to run a tight ship.

