PortSentry on Webserver


Sokertes
10-13-2000, 12:27 AM
I maintain a webserver running RH6.1 at work with PortSentry installed on it. The reason is due to someone trying to break into it and finally succeeded. Thankfully nothing was disturbed. Well, my question is that while I maintain it at work I also check some things while I am at home. And my home system is Win98 connected to home Linux LAN containing a samba server box and a firewall box that dials 56k modem to the internet. I cannot get to the webserver at work from my Win98 system but I can from the firewall box via lynx. But at the same time I can telnet to it from my Win98 box. This has been happening ever since PortSentry was installed, but I am hesitant on taking it off. The only thing that I can figure the reason for this is PortSentry thinks that my connection is a type of IPSPOOF and takes its time to allow me to connect. Even after letting it take its time to load and it times out on me. Does this sound possible or am I thinking too far in left field? If it is, what is the fix? If not, what else can it be? My coworkers say they can get to the webserver with no problems from home. ANY suggestion will be greatly appreciated.

TIA

Sokertes

------------------
I wasn't born with enough middle fingers

Life is hell til you find LINUX, then you're beyond heaven

Sokertes
10-19-2000, 12:49 AM
Well, after six days and no replies I took a chance and took down portsentry. I still could reach the server at work. So today I commented out the ipchain rule set that the person that had the job before me put in, installed pmfirewall, and brought portsentry in to play again. I can now finally get to the webserver from my home LAN. Who would have figured that would be it? I kept looking at the ipchain ruleset and everything SEEMED to be on the up and up but apparently on the TOO up and up.

Thanks anyway guys. I figured that my question was either too stupid or too trivial and that is why nobody replied. So I pulled a Craig McPherson ..... (hehehe) got in touch with the inner aura, brought together my yin and yang and dove for it. And what do you know, it worked. Thank you master Craig McPherson for the input in another post for the advice. Even if it wasn't directly to me.

Thanks again guys for the help in the past.

Sokertes

[This message has been edited by Sokertes (edited 19 October 2000).]

SKoL
10-20-2000, 02:58 PM
Hey, that's easy.

Add your IP to portsentry.ignore

so it just ignores you. ALSO check hosts.deny to see if portsentry added you by accident to the hosts.deny. I've had this happen to clients.



------------------
---=== SYSTEM RULES ===--
1. Do not post crap
2. Obey rule #1
3. Only post stuff that rule #2 allows
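
The two checks suggested in the reply above, as an added example that is not part of the original thread: a script that tests whether a client address is listed in hosts.deny and in portsentry.ignore, matching whole addresses so that 203.0.113.1 is not confused with 203.0.113.11. The function names, the sample addresses and the assumption that PortSentry writes `ALL: <ip>` lines are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes PortSentry appends "ALL: <ip>"
# to hosts.deny and that portsentry.ignore holds one address per line.

# in_hosts_deny IP FILE: succeed if a rule's client list names IP exactly,
# by "ALL", or by a trailing-dot prefix such as "192.168.".
in_hosts_deny() {
    awk -v ip="$1" '
        /^[ \t]*#/ || !/:/ { next }              # comments, non-rules
        {
            split($0, parts, ":")
            m = split(parts[2], clients, /[ \t,]+/)
            for (i = 1; i <= m; i++) {
                c = clients[i]
                if (c == "") continue
                if (c == ip || c == "ALL") found = 1
                if (c ~ /\.$/ && index(ip, c) == 1) found = 1
            }
        }
        END { exit found ? 0 : 1 }' "$2"
}

# in_ignore IP FILE: succeed if IP is on its own non-comment line.
in_ignore() {
    awk -v ip="$1" '
        /^[ \t]*#/ { next }
        { gsub(/^[ \t]+|[ \t\r]+$/, "") }
        $0 == ip { found = 1 }
        END { exit found ? 0 : 1 }' "$2"
}

# make_samples DIR: write constructed sample files (documentation addresses).
make_samples() {
    printf '%s\n' '# added by portsentry' 'ALL: 203.0.113.11' \
        'in.telnetd: 198.51.100., 192.0.2.7' > "$1/hosts.deny"
    printf '%s\n' '127.0.0.1' '0.0.0.0' '# admin at home' \
        '203.0.113.1' > "$1/portsentry.ignore"
}

# check_client IP DENY_FILE IGNORE_FILE: print one status line per file.
check_client() {
    if in_hosts_deny "$1" "$2"; then echo "$1 DENIED by $2"
    else echo "$1 not listed in $2"; fi
    if in_ignore "$1" "$3"; then echo "$1 ignored per $3"
    else echo "$1 NOT in $3"; fi
}

# Usage: sh check.sh IP /etc/hosts.deny /path/to/portsentry.ignore
if [ "$#" -eq 3 ]; then check_client "$@"; fi
```

The daemon field of each hosts.deny rule is not evaluated, so a match means the address appears in some rule, not necessarily one that covers the web server.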

toolie
10-20-2000, 05:28 PM
If somebody succeeded in breaking in, there is no way of knowing if anything was disturbed. They might not have erased any of your web pages, but your box is probably '0wn3d'. There are probably so many backdoors installed on that system it isn't even funny.

If you ever have a box compromised - save all your important data, but no binaries, or configs. Re-install from scratch. That means format the drive. Don't take any chances.