From: Vlad G. (recompiler@hacksrus.com)
Date: Thu May 22 2003 - 00:38:25 EDT
In the process of pentesting a machine on local network I got locked out of
it due to port sentry. I kept spoofing MAC addreses, and finally got in
with an SMTP exploit.
Some of the admin stuff has to be done only from a specific MAC address,
but its now locked out. I went to portsentry.history and removed the IP
address, and removed it from portsentry.blocked.udp, portsentry.blocked and
portsentry.blocked.tcp . I even added it to portsentry.ignore. The IP
address that was black listed still not able to connect, I get connection
to host lost error. I'm sure it's because portsentry.conf file has
KILL_ROUTE="/sbin/route add -host $TARGET$ reject".
I tried deleting the route, but nothing seems to be working. Any
suggestions?
thanks
-- Vlad G. The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. --------------------------------------------------------------------------- *** Wireless LAN Policies for Security & Management - NEW White Paper *** Just like wired networks, wireless LANs require network security policies that are enforced to protect WLANs from known vulnerabilities and threats. Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs. To get your FREE white paper visit us at: http://www.securityfocus.com/AirDefense-pen-test ----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:33 EDT