cyrusTvirus
09-17-2002, 12:37 PM
A client of us locked himself out.
The command portsentry used was:
www portsentry[18703]: attackalert: Host XX.XX.XXX.56 has been blocked via dropped route using command: "/sbin/route add -host XX.XX.XXX.56 reject"
We also got:
Sep 16 21:31:54 www named[592]: ns_req: sendto([XX.XX.XXX.56].11108): Network is unreachable
Sep 16 21:31:50 www portsentry[18703]: attackalert: Host XX.XX.XXX.56 has been blocked via wrappers with string: "ALL: XX.XX.XXX.56"
Note that xxx is a changed IP !
I removed the client from:
portsentry.blocked.actp
portsentry.blocked.udp
and from the hosts.deny
and restarted portsentry.
But still the client has no access from that ip which is in fact a dedicated DSL ip provided by his accessprovider.
Am I overlooking something?? Do I need to restart something more ? Why does my client gets no access to his email and websites ? Please note that on his box no ipchains etc running.
Please advice ! Thanks in advance!
Robbert
The command portsentry used was:
www portsentry[18703]: attackalert: Host XX.XX.XXX.56 has been blocked via dropped route using command: "/sbin/route add -host XX.XX.XXX.56 reject"
We also got:
Sep 16 21:31:54 www named[592]: ns_req: sendto([XX.XX.XXX.56].11108): Network is unreachable
Sep 16 21:31:50 www portsentry[18703]: attackalert: Host XX.XX.XXX.56 has been blocked via wrappers with string: "ALL: XX.XX.XXX.56"
Note that xxx is a changed IP !
I removed the client from:
portsentry.blocked.actp
portsentry.blocked.udp
and from the hosts.deny
and restarted portsentry.
But still the client has no access from that ip which is in fact a dedicated DSL ip provided by his accessprovider.
Am I overlooking something?? Do I need to restart something more ? Why does my client gets no access to his email and websites ? Please note that on his box no ipchains etc running.
Please advice ! Thanks in advance!
Robbert