Well I'm running Slackware 8.0 and its been up for a long time. I run sshd on it as well as portsentry and iptables doing NAT for my network. When portsentry detects a scan it drop incoming packets from that address and then adds the sender to /etc/hosts.deny
Last night I got bored ssh'ed into that box and was tinkering around with nmap (don't work nothing malicious, just playing with the os detection option to see how good it is). Well everything was good and I played and went to bed last night.
This morning I woke up and when I tried to get into that box I got "secure connection refused." I ssh'ed into another box that I have and tried to ssh in from there and got the same problem. I tried from my 3rd location (i've got workplace machines, home machines, a school machine, and a machine where I have hosting service) and it worked.
I wonder if I possibly did something with nmap without knowing it that maybe set off portsentry or something and has made it deny access to certain hosts. Like I said some can still access it and I can also ssh in from the local lan. Where else could there be a list of hosts to drop or disallow? The IP is not listed in /etc/hosts.deny nor is it in /usr/local/psionic/portsentry/portsentry.history so I don't think portsentry has picked up on it. The sshd is running on its own and not through inetd anyway.
What could I have done to make ssh give me a "secure connection to x.x.x.x refused" message? Any ideas are welcome as I'm a bit stumped
Last night I got bored ssh'ed into that box and was tinkering around with nmap (don't work nothing malicious, just playing with the os detection option to see how good it is). Well everything was good and I played and went to bed last night.
This morning I woke up and when I tried to get into that box I got "secure connection refused." I ssh'ed into another box that I have and tried to ssh in from there and got the same problem. I tried from my 3rd location (i've got workplace machines, home machines, a school machine, and a machine where I have hosting service) and it worked.
I wonder if I possibly did something with nmap without knowing it that maybe set off portsentry or something and has made it deny access to certain hosts. Like I said some can still access it and I can also ssh in from the local lan. Where else could there be a list of hosts to drop or disallow? The IP is not listed in /etc/hosts.deny nor is it in /usr/local/psionic/portsentry/portsentry.history so I don't think portsentry has picked up on it. The sshd is running on its own and not through inetd anyway.
What could I have done to make ssh give me a "secure connection to x.x.x.x refused" message? Any ideas are welcome as I'm a bit stumped
