Thanks everyone for all your help. Rectified the problem.
<takes big gulp>...I did a ps ax | grep portsentry (as Gerald suggested)
and found there were about 10 instances of portsentry running in both modes -
oops.
I killed them all off, cleared the hosts.deny file (which was
crammed with local IPs), cleared portsentry.blocked.audp (which again had many
local entries) and did an ipchains -F to clear out the ruleset. Just started
portsentry up again in both (tcp and udp) stealth modes, have repeatedly run
logcheck over 5 minutes (which normally generates tons of port 137/138 entries)
and nothing is showing up... hooray!
Well, that's taken me 3 days to work out what the problem was!
Thanks again everyone for all your help,
Dan