Son Goku
OK, I guess this forum fits best. Port Sentry runs under Linux, but it's network security related...
I'm currently taking a class in network security, and we're in the process of messing around with a bunch of things. Anyhow, had 2 boxes up, one with Knoppix STD, the other with (I think it was Suse, but would have to check again). Anyhow, a HD image was being ghosted over from a previous semester, and it had some probs (2 gfx cards in the comps, was set up with the other one, had to hunt down the previous semester password for the image, etc.), and well it seems for anyone who grabs this from sourceforge.net there's a bad printf(); statement in the source code which prevented it from compiling till we removed it...
My image did have ver 2.2 on it, but we were using 1.2 so had to d/l that and add it. Set the thing to detect port scans and go from there. Then from the Knoppix box, launched nmap on the thing to test it...
UDP port scans were getting blocked (and the host was being added to the /etc/hosts.deny file, and also in Port Sentry's own .conf file under hosts to deny), but even with the IP added, TCP port scans were all going through and returning results back to nmap...
Looking, it looks like 2 sets of scan lists were no longer commented out (I uncommented one list, and they all looked commented when I first edited it, I'm about 95%+ sure)...
BTW, I did run both a
portsentry -tcp
portsentry -udp
to cover both protocols...
Someone have an idea what might be going on? Well we won't have class until Monday to look at this any further...