Re: [lug-nuts] Portsentry question

From: Rick Johnson (rick@pointman.org)
Date: Tue Jan 25 2000 - 10:53:00 PST


However you can't put port 25 on the port sentry attack list. If you did,
then you would block every mail server that tried to connect to yours.

The only benefit I see is, for example, to leave port 111 open, even if
you have no RPC services running. Then when someone from the outside tries
to connect to this you can flag them as an attacker and portsentry will
block all traffic from them.

Although, personally, I wouldn't trust it, I'd rather take a more active
approach to the security of my network. Sometimes too much automation can
be a bad thing. :-)

Rick

--
===========================================================
Rick Johnson                      Voicemail:   530.325.5200                  
rick@pointman.org                       Fax:   530.325.5200
http://www.pointman.org                 AIM:   rsjohn01   
===========================================================

On Tue, 25 Jan 2000, Michael Long wrote:

> My feeling is this... If I scan your network and see that you have port 25 > (sendmail) running I can start attacking your sendmail port. If you have > portsentry running and I set it off, you effectively "black hole" the IP > address I'm coming from so I can't even "see" the ports you do have open. > It's just an added annoyance for the attacker. :) > > Michael > > On Tue, 25 Jan 2000, Marc Matteo wrote: > > > I'm a little unclear one the use/need of Portsentry. > > > > In my case, I have most if not all the ports blocked to my home network. > > Generally if you're not running internet services this should be a standard > > IP Chains setup, no? > > > > Anyway, if you have all your ports blocked via IP Chains what's the benefit > > of having Portsentry block them again? > > > > Marc > > -- > > Marc Matteo > > Online Technology Leader > > http://www.sacbee.com > > > > > > **************************************************************************** > * To UNSUBSCRIBE from the list, send a message with "unsubscribe lug-nuts" > * in the message body to majordomo@saclug.org. Please direct other > * questions, comments, or problems to lug-nuts-owner@saclug.org. >

**************************************************************************** * To UNSUBSCRIBE from the list, send a message with "unsubscribe lug-nuts" * in the message body to majordomo@saclug.org. Please direct other * questions, comments, or problems to lug-nuts-owner@saclug.org.



This archive was generated by hypermail 2b29 : Fri Feb 25 2000 - 14:29:11 PST