Web Hosting Talk

System attack


dutchie
02-18-2002, 10:19 AM
I installed portsentry and ipchains on all my RaQs, but on one I still get these messages:

Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Feb 17 23:55:38 www portsentry[20952]: attackalert: TCP NULL scan from host: p8807.nl.wish.net/212.123.172.103 to TCP port: 514
Feb 17 23:55:38 www portsentry[20952]: attackalert: Host 212.123.172.103 has been blocked via wrappers with string: "ALL: 212.123.172.103"
Feb 17 23:55:38 www portsentry[20952]: attackalert: Host 212.123.172.103 has been blocked via dropped route using command: "/sbin/route add -host 212.123.172.103 reject"
Feb 18 00:09:48 www portsentry[20952]: attackalert: TCP NULL scan from host: p7724.nl.wish.net/212.123.168.44 to TCP port: 514

Shouldn't ipchains block things first?
I did an ipchains -L -v -n and all rules show as they should.

So is it normal that I still get these messages?

mamakap
02-18-2002, 11:03 AM
Sorry dutchie, :blush: I don't think I can help you out with this. Actually, I'm the one who needs your advice. :blush:

I have installed portsentry on my RaQ servers and am planning to install ipchains soon; I just want to know what the latest version of ipchains is. So far, do ipchains and portsentry work side by side very well?

Do these few basic ports like 21, 25, 53, 80, 81, 110 need to be open for the public to view the web site, and can the rest be denied?

Thanks
:)

dutchie
02-18-2002, 12:13 PM
These are my rules.
I must add that they seem to work on 2 of my RaQs; the third one has FTP problems. I cannot log in with FTP (passive mode on or off). This may very well be something on my RaQ4, but I haven't found it yet; any suggestions are welcome.
Note that you have to fill in the IPs of your own nameservers where I wrote xx.xx etc.


# TCP
# serve ftp for passive clients _ONLY_
./ipchains -A input -i eth0 -p tcp --destination-port 21 --syn -j ACCEPT -l
# serve ssh - 22
./ipchains -A input -i eth0 -p tcp --destination-port xxx --syn -j ACCEPT -l
# serve smtp - 25
./ipchains -A input -i eth0 -p tcp --destination-port 25 --syn -j ACCEPT
# serve http - 80
./ipchains -A input -i eth0 -p tcp --destination-port 80 --syn -j ACCEPT
# serve https admin - 81
./ipchains -A input -i eth0 -p tcp --destination-port 81 --syn -j ACCEPT -l
# serve pop3 - 110
./ipchains -A input -i eth0 -p tcp --destination-port 110 --syn -j ACCEPT
# disallow SYN on all else
./ipchains -A input -i eth0 -p tcp --syn -j DENY -l
# allow existing TCP sessions to continue
./ipchains -A input -i eth0 -p tcp -j ACCEPT

# UDP
# DNS response
./ipchains -A input -i eth0 -p udp --source xx.xx.xxx.xxx -j ACCEPT
./ipchains -A input -i eth0 -p udp --source xx.xx.xxx.xxx -j ACCEPT

# ICMP allowed
./ipchains -A input -i eth0 -p icmp -j ACCEPT

# disallow all else
./ipchains -A input -i eth0 -j DENY -l


BTW, xxx is my SSH port; you have to fill in your own there.

I got these rules from Shortfork, so if your system crashes, he's the one you're looking for :D

You can also try Pmfirewall to configure it all, but I haven't tried it yet (I'll try that if everything else fails :rolleyes: )

I don't know what the latest version is...
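The chain above is stateless, which is why the NULL-scan probes from the first post still reach portsentry: an ipchains rule with --syn (-y) matches only packets with SYN set and ACK/FIN clear, so a flagless probe to port 514 skips the "disallow SYN on all else" rule and is accepted by "allow existing TCP sessions to continue". Added example, not from this thread: a small Python model of the posted chain; the SSH port, nameserver addresses and packets are constructed stand-ins.

```python
# Model of the ipchains input chain posted above (constructed example).
SYN, ACK, FIN = 0x02, 0x10, 0x01
SSH_PORT = 2222                                  # stand-in for "xxx" in the post
NAMESERVERS = {"192.0.2.53", "192.0.2.54"}       # stand-ins for xx.xx.xxx.xxx


def is_syn(flags):
    """ipchains --syn / -y: SYN set, ACK and FIN both clear."""
    return bool(flags & SYN) and not (flags & (ACK | FIN))


# (proto, dport, syn_only, source, target), in the order the post appends them
CHAIN = [
    ("tcp", 21, True, None, "ACCEPT"),           # ftp control
    ("tcp", SSH_PORT, True, None, "ACCEPT"),     # ssh
    ("tcp", 25, True, None, "ACCEPT"),           # smtp
    ("tcp", 80, True, None, "ACCEPT"),           # http
    ("tcp", 81, True, None, "ACCEPT"),           # https admin
    ("tcp", 110, True, None, "ACCEPT"),          # pop3
    ("tcp", None, True, None, "DENY"),           # disallow SYN on all else
    ("tcp", None, False, None, "ACCEPT"),        # "existing sessions": any non-SYN TCP
    ("udp", None, False, "ns", "ACCEPT"),        # DNS replies from own nameservers
    ("icmp", None, False, None, "ACCEPT"),       # ICMP allowed
    (None, None, False, None, "DENY"),           # disallow all else
]


def filter_packet(proto, dport=None, flags=0, src="198.51.100.7"):
    """Return (target, rule_index) of the first rule matching the packet."""
    for i, (p, port, syn_only, source, target) in enumerate(CHAIN):
        if p is not None and p != proto:
            continue
        if port is not None and port != dport:
            continue
        if syn_only and not (proto == "tcp" and is_syn(flags)):
            continue
        if source == "ns" and src not in NAMESERVERS:
            continue
        return target, i
    return "DENY", len(CHAIN)


if __name__ == "__main__":
    # A plain SYN to port 514 is stopped by the "disallow SYN on all else" rule...
    print("SYN  -> 514:", filter_packet("tcp", 514, SYN))
    # ...but a NULL-scan probe (no flags) is not --syn, so the "existing
    # sessions" rule accepts it and portsentry gets to see it on port 514.
    print("NULL -> 514:", filter_packet("tcp", 514, 0))
```

The same path is open to FIN and XMAS probes, so a tcp_wrappers or portsentry block on the host is what actually stops them; a stateful filter (iptables with --state ESTABLISHED) is the usual fix for this on later kernels.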

mamakap
02-18-2002, 12:28 PM
I see, I will look for Shortfork if everything screws up :D :emlaugh:

Anyway, thanks

shortfork
02-18-2002, 05:18 PM
Originally posted by mamakap:
I see, I will look for Shortfork if everything screws up :D :emlaugh:

Anyway, thanks

<looks up from desk> someone call me?? :cartman: </looks up from desk>

:cool: Shortz :look:

<blatant rip-off of Mouse Sig> Shortfork Reserves the right to be profoundly wrong in any instance or answer given and is by no means an expert in regards to this Linux stuff and is just learning.</blatant rip-off of Mouse Sig>