RE: [Labrea-users] Newbie question
Status: Abandoned
Brought to you by:
lorgor
Menu
▾
▴
RE: [Labrea-users] Newbie question
|
From: Gordon, L. <Lor...@te...> - 2003-09-09 14:09:10
|
Matthew, Would help to know which version of labrea you are referring to. I would think that maybe the parameters should be: -z -s -p32000 -l -b Then if you want to slow down port scans =E0 la nmap, you could exclude = some ports in the config file, and specify "-f" as a parameter. eg 10000-40000 portignore =09 -z -s -p32000 -l -b -f However if you are running the current "stable" version (ie 2.4.1), its = main purpose is to slow down worms. The new beta version has extra function = added to exclude most ports at startup, and then dynamically open them as = activity builds up. In this way, nmap portscans are slowed down. Labrea is fairly complex because of its flexibility. Hope this helps; don't hesitate to ask if have other questions. lorgor -----Message d'origine----- De : Matthew Wagenknecht [mailto:Mat...@qu...] Envoy=E9 : 8 septembre, 2003 21:58 =C0 : 'lab...@li...' Objet : [Labrea-users] Newbie question I thought I understood the instructions, but maybe I'm missing = something.=20 I'm using the following two lines in my config file, both on linux and windows. Also using thethese switches: -z -s -P32000 -l (Actual IPs changed to protect the innocent) 10.10.10.1-10.10.10.210 exclude 10.10.10.230-10.10.10.254 exclude My hosts ip is 10.10.10.210 with a class c mask.=20 Shouldn't labrea take over all unassigned IPs from 210 to 229. Labrea doesn't give any errors (that I know of) but port scans of that range = are not hindered.=20 Where am I being a bonehead? Thoughts? ..:: Matt ::.. -------------------------- via BlackBerry ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Labrea-users mailing list Lab...@li... https://lists.sourceforge.net/lists/listinfo/labrea-users |
