Re: [pmfirewall] /VAR/LOG/MESSAGES -- No Deny's After Upgrading PMFirewall??

From: Terry Tremaine (t.tremaine@home.com)
Date: Sun Apr 09 2000 - 11:26:18 PDT


Jim Witterschein wrote:

> Am I looking in the right file for DENY's? Is it /var/log/messages? If
> so, I may have a problem as I haven't seen any deny's for a couple of
> weeks now - since upgrading to PMFirewall 1.1.4.
>
> I have a w98 box on my private network. I have Black Ice Defender
> installed on the 98 box, and I never see attacks or probes. Prior to
> setting up Mandrake 7.0 with PMFirewall 1.1.3 back in January, I would
> catch 3-5 probes and/or attacks a day with BID. That was during the
> week. On weekends, I had as many as 7-8 attacks stopped and logged by
> BID. Then, after installing PMF 1.1.3, all of the attacks were stopped
> at the Linux box. I could see DENYs in /var/log/messages. Now, neither
> Linux w/PMF 1.1.4 nor BID report any probes or attacks.
>
> Have I done something wrong? I firmly the script kiddies haven't stopped
> their nonsense.
>
After reading your posting I did a test of my system since I also did an
upgrade (yesterday) to pmfirewall 1.1.4. I used my other computer and
different ISP and tried connecting at ports 21 and 80. They were both
denied and logged in /var/log/messages. You can check your active rules
being used by ipchains using /sbin/ipchains -L -n. Then check
pmfirewall.rules.local to see if they are consistent. That should tell
you if something is wrong.

--TT
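
The check for DENY entries in /var/log/messages discussed above can be scripted. The following is an added example, not part of the original thread or of PMFirewall; it assumes the kernel's ipchains "Packet log:" line format, the function names are hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: summarise ipchains DENY entries in a syslog file.

# Constructed sample lines in the ipchains "Packet log:" format
# (documentation addresses; not taken from any real log).
sample_log() {
cat <<'EOF'
Apr  9 11:02:14 gw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:1045 198.51.100.7:21 L=60 S=0x00 I=4711 F=0x4000 T=52 SYN (#14)
Apr  9 11:02:31 gw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:1046 198.51.100.7:80 L=60 S=0x00 I=4712 F=0x4000 T=52 SYN (#14)
Apr  9 11:03:02 gw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.44:2210 198.51.100.7:21 L=60 S=0x00 I=9001 F=0x4000 T=49 SYN (#14)
Apr  9 11:05:40 gw kernel: Packet log: input ACCEPT eth0 PROTO=6 192.0.2.10:1050 198.51.100.7:22 L=60 S=0x00 I=4720 F=0x4000 T=52 SYN (#3)
Apr  9 11:06:00 gw pppd[312]: rcvd [LCP EchoRep id=0x1]
EOF
}

# deny_summary FILE -> one line per "chain proto dport count last-seen"
deny_summary() {
    awk '
    {
        # Find the "Packet log:" marker rather than trusting field positions,
        # since the syslog prefix in front of it can vary.
        p = 0
        for (i = 1; i < NF; i++)
            if ($i == "Packet" && $(i+1) == "log:") { p = i; break }
        if (!p || $(p+3) != "DENY") next        # keep only denied packets
        chain = $(p+2); proto = $(p+5); dst = $(p+7)
        sub(/^PROTO=/, "", proto)
        n = split(dst, a, ":")                  # dst is address:port
        dport = (n == 2) ? a[2] : "-"
        key = chain " " proto " " dport
        count[key]++
        last[key] = $1 " " $2 " " $3            # timestamp of latest hit
    }
    END { for (k in count) print k, count[k], last[k] }
    ' "$1" | sort
}

# deny_total FILE -> total DENY entries; 0 means nothing was logged
deny_total() {
    deny_summary "$1" | awk '{ s += $4 } END { print s + 0 }'
}

# Run against a file given on the command line, e.g. /var/log/messages
if [ $# -gt 0 ]; then deny_summary "$1"; fi
```

A total of 0 after a test connection from an outside host, as in the port 21 and 80 test described above, means the denied packets are not reaching this log file.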



This archive was generated by hypermail 2b29 : Sun Jun 10 2001 - 02:34:23 PDT