[KLUG Members] Re: Members digest, Vol 1 #1046 - 12 msgs

[Randall Perry]

> Date: Sat, 2 Aug 2003 04:45:50 -0700 (PDT)
> From: Andy <misplice@yahoo.com>
> To: members@kalamazoolinux.org
> Subject: [KLUG Members] smoothwall questions
> Reply-To: members@kalamazoolinux.org
> 
> Ok.. I downloaded and installed the latest beta and
> patches for smoothwall on an extra box. When I look at
Sorry, I am an IPCop fan ;)
(and Phil IS THE BETTER MAN!) :P
<snip>
> router/firewall already) is there a command that will
> show me any file access or changes that happened since
I know Bruce just suggested running the RPM command, but you 
might want to look at Tripwire.
Smoothwall has lots of stuff stripped out (for good reason),
so dependencies might not be there initially.

> the install. That and in the instance were I keep
> getting hit by 1 IP that is scanning all the ports..
> even now what would be a good way of dropping them or
> should I just report that IP to the ISP that shows up
> in Whois?
Check this:
http://eamnesia.com/hostinfo/ipinfo.jsp

Then report it to their ISP.
Also just go ahead and add a firewall entry to drop (not deny)
from that address (or range altogether if you don't have a web server
with a chance of getting traffic from that ip group).

You mention you are still kind of new to Linux. Check out the
collection of organized links I have here:
http://domain-logic.com/linux_links.htm

I initially organized them for a Linux course I taught, but have made it
public and tried to add to it.

If anyone has any other Links, Please Let me know!

Randall Perry