In the process of pentesting a machine on local network I got locked out of it due to port sentry. I kept spoofing MAC addreses, and finally got in with an SMTP exploit. Some of the admin stuff has to be done only from a specific MAC address, but its now locked out. I went to portsentry.history and removed the IP address, and removed it from portsentry.blocked.udp, portsentry.blocked and portsentry.blocked.tcp . I even added it to portsentry.ignore. The IP address that was black listed still not able to connect, I get connection to host lost error. I'm sure it's because portsentry.conf file has KILL_ROUTE="/sbin/route add -host $TARGET$ reject". I tried deleting the route, but nothing seems to be working. Any suggestions? thanks -- Vlad G. The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. --------------------------------------------------------------------------- *** Wireless LAN Policies for Security & Management - NEW White Paper *** Just like wired networks, wireless LANs require network security policies that are enforced to protect WLANs from known vulnerabilities and threats. Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs. To get your FREE white paper visit us at: http://www.securityfocus.com/AirDefense-pen-test ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu May 22 2003 - 09:45:28 PDT