either portsentry is insane, my laptop has been compromised, or ...

Rusty Carruth rustycar54 at descomp.com
Tue Jul 9 15:07:26 MST 2024


Hopefully the answer isn't that *I'm* the insane one! ;-)

So, my laptop, which is running Linux Mint 20.2 Uma, and my file server 
have suddenly had a falling-out.  They used to talk to each other just 
fine, but now the file server, running Linux Mint 19.3 Tricia, slams my 
laptop into the deny list as soon as I try to SSH in to it.  And I don't 
(believe I have) automatic update enabled on either computer, and I 
certainly don't remember doing anything to the laptop or the server 
related to networking.  The laptop has an NFS connection to the file 
server - or it HAD before the blocking!


The file server has no problem ssh-ing to the laptop (no surprise there, 
of course).


Initially I thought it was some problem with port 161, but I added that 
(and the laptop IP address!) in to the portsentry ignore file, and it 
still got flagged.


It isn't in hosts.deny, nor is it in the portsentry bad guys list.


I looked (find /etc -type f -print0|xargs -0 egrep '<laptopIPaddr>') on 
the file server:

Tue Jul 09 14:02:30 RustyC ~ $ cat /tmp/finding.laptop
/etc/portsentry/portsentry.ignore.static:myLaptopIP
/etc/portsentry/portsentry.ignore:myLaptopIP
/etc/portsentry/portsentry.ignore.static~:myLaptopIP
Tue Jul 09 14:05:59 RustyC ~ $

(I hacked the local IP to the string 'myLaptopIP'.  What is actually 
there is the actual IP addr).


So, I removed (uninstalled) portsentry from the file server, rebooted, 
and tried again.  Still blocked!  Waited about a day, still blocked.  
So, I changed the IP address of the laptop - the server blocks the laptop!

Just for fun, I changed my laptop's IP again and tried mounting the file 
server via NFS, without doing anything else (no attempt to ssh, etc) - 
blocked, as far as I can tell.  BUT!  I can still ping the file server 
from the laptop!

Checked iptables - NOTHING in any table on the server.  I'm totally 
stumped, and about to re-install Linux on both the Laptop and the file 
server.  (One of these days I hope to get time to fool with AI for this 
kind of thing, but haven't yet had the time...)

Does anyone have any ideas?  Thanks!


