portsentry
I think I am having a little trouble with portsentry. I just installed it on my Red Hat 7.2 firewall/router. I am using gShield for my firewall. Anyway, I was testing portsentry out by running nmap from one of the machines behind my firewall. Everything seemed to go fine; in my logs I get the portsentry "attackalert" and it then blocks that machine from accessing the gateway. Next I connected to my machine at work and ran the same nmap command to port scan my firewall box, but I don't get the "attackalerts" and I am still able to connect to that machine. Why isn't portsentry picking it up? gShield is noticing it and logging it, but why isn't portsentry? Any help would be greatly appreciated. Thanks in advance.
later
OK fine, the port scan from the outside world doesn't make it to portsentry because the firewall stops it first. But why does portsentry pick it up when I run nmap from an internal machine, on my firewall machine's external IP address?
Don't use portsentry, just use a good firewall script to reject packets.
I've learned this the hard way..
[ 06 December 2001: Message edited by: SKoL ]
Dark Ninja
12-07-2001, 06:21 PM
Portsentry runs BEHIND a firewall. So - it usually is considered a waste to run PortSentry if you already have a firewall running. (Although - it doesn't hurt to run it.) I know on my test computer, I have IPTables set up and I set up portsentry on that same computer. Then, I scanned my computer using Nessus. Never registered on portsentry, but my firewall was going crazy.
Dark Ninja
Yeah, same thing with me... thanks everyone for the input.