Re: Am I missing something about portsentry?

From: R. DuFresne (dufresne@sysinfo.com)
Date: Thu May 22 2003 - 14:00:11 EDT


It should not take a kill and restart or even a kill -HUP of portsentry,
but removing the entry from the portsentry.blocked.X files and then deleting
the route should reopen access for the target/source in question. Depending
upon the OS, the dead route points the offender to 127.0.0.1, so:

route -delete target-ip 127.0.0.1 should remove that also.

Thanks,

Ron DuFresne

On Thu, 22 May 2003, Vlad G. wrote:

> In the process of pentesting a machine on local network I got locked out of
> it due to portsentry. I kept spoofing MAC addresses, and finally got in
> with an SMTP exploit.
>
> Some of the admin stuff has to be done only from a specific MAC address,
> but it's now locked out. I went to portsentry.history and removed the IP
> address, and removed it from portsentry.blocked.udp, portsentry.blocked and
> portsentry.blocked.tcp. I even added it to portsentry.ignore. The IP
> address that was blacklisted is still not able to connect; I get a
> "connection to host lost" error. I'm sure it's because portsentry.conf file has
> KILL_ROUTE="/sbin/route add -host $TARGET$ reject".
>
> I tried deleting the route, but nothing seems to be working. Any
> suggestions?
>
> thanks
>

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart
testing, only testing, and damn good at it too!
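
The cleanup described in the reply above (clear the host from the state files, then delete the route), as an added example that is not part of the original thread or of portsentry itself. The function names, the scratch directory and the assumed line format of the blocked/history files are illustrative assumptions; the sample entries are constructed, and the route command follows the Linux net-tools syntax of the KILL_ROUTE line quoted in the question.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed line format in the state files:
#   <epoch> - <date> <time> Host: <name>/<ip> Port: <n> <proto> Blocked

# Drop entries for exactly host $2 from the portsentry state files in dir $1,
# keeping a .bak copy of each file; prints how many lines were removed.
unblock_host() {
    dir=$1; ip=$2; removed=0
    for name in blocked blocked.tcp blocked.udp history; do
        f="$dir/portsentry.$name"
        [ -f "$f" ] || continue
        before=$(wc -l < "$f")
        # Compare the IP after the "/" exactly, so 10.0.0.50 survives when
        # 10.0.0.5 is cleared (a plain grep -v would remove both).
        awk -v ip="$ip" '{
            keep = 1
            for (i = 1; i < NF; i++)
                if ($i == "Host:") { n = split($(i + 1), h, "/"); if (h[n] == ip) keep = 0 }
            if (keep) print
        }' "$f" > "$f.tmp" && cp "$f" "$f.bak" && mv "$f.tmp" "$f"
        after=$(wc -l < "$f")
        removed=$((removed + before - after))
    done
    echo "$removed"
}

# Derive the route removal command from the configured KILL_ROUTE string
# (Linux net-tools syntax, as in the quoted portsentry.conf line).
route_undo_cmd() {
    printf '%s\n' "$1" | sed -e 's/ add / del /' -e 's/\$TARGET\$/'"$2"'/'
}

# Demo on constructed sample entries in a scratch directory; the route command
# is only printed, since running it needs root on the protected host.
demo() {
    d=$(mktemp -d)
    printf '%s\n' \
        '1053626000 - 05/22/2003 13:53:20 Host: 10.0.0.5/10.0.0.5 Port: 111 TCP Blocked' \
        '1053626100 - 05/22/2003 13:55:00 Host: 10.0.0.50/10.0.0.50 Port: 23 TCP Blocked' \
        > "$d/portsentry.blocked.tcp"
    cp "$d/portsentry.blocked.tcp" "$d/portsentry.history"
    echo "removed: $(unblock_host "$d" 10.0.0.5)"
    echo "then run: $(route_undo_cmd '/sbin/route add -host $TARGET$ reject' 10.0.0.5)"
    rm -rf "$d"
}
demo
```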


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:33 EDT