On Fri, 2004-01-09 at 09:33, Mark Hurst wrote:
> This topic is dead as far as I'm concerned, you keep default rejecting,
> I'll keep default dropping, and we'll see if I manage to break the
> Internet by doing so.

Hi.

I just had to comment on this one. I'm sort of doing both rejecting and
dropping on my main gateway.

My configuration is like this:
* Reject unnecessary packages.
* Drop scanners.

I'm using portsentry and I can really recommend it. It can act as a trap
for scanners because it binds itself to certain manually defined ports
(that scanners usually scan). My setup says that if someone touches a
couple of those ports in a short period of time it drops the connection
to that IP directly and notifies me about it through my cellphone.

This means that the attacker is already dropped before he/she has a
chance to use some exploits of the services I'm running. Of course - if
they're used before the scan takes place, then we have a little problem.
But I guess it takes care of most of them anyway.

--
Med venlig hilsen / Best regards,

Kim Ingemann
http://pingvinland.dk/


--
gentoo-security@g.o mailing list
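
The trap-port rule described in the message above, sketched as an added example (not part of the original post and not portsentry's own code): a source that touches several distinct decoy ports within a short window is marked for dropping. The port list, threshold, window and log format are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Assumed values: decoy ports with no real service behind them.
TRAP_PORTS = {1, 79, 111, 119, 143, 540, 635, 1080}
THRESHOLD = 3     # distinct trap ports ...
WINDOW = 10.0     # ... touched within this many seconds

def detect_scanners(events, trap_ports=TRAP_PORTS,
                    threshold=THRESHOLD, window=WINDOW):
    """events: (timestamp, src_ip, dst_port) tuples sorted by time.
    Returns {src_ip: timestamp at which the source crossed the threshold}."""
    recent = defaultdict(deque)   # src_ip -> recent (ts, port) trap hits
    blocked = {}
    for ts, src, port in events:
        # Already-dropped sources and traffic to real services are ignored.
        if src in blocked or port not in trap_ports:
            continue
        hits = recent[src]
        hits.append((ts, port))
        # Forget trap hits that have aged out of the window.
        while hits and ts - hits[0][0] > window:
            hits.popleft()
        # Count distinct ports so repeated hits on one port do not trigger.
        if len({p for _, p in hits}) >= threshold:
            blocked[src] = ts
            del recent[src]
    return blocked

def parse(line):
    """Parse one 'timestamp src_ip dst_port' line (constructed format)."""
    ts, src, port = line.split()
    return float(ts), src, int(port)

# Constructed sample: one direct hit on a real service (port 80),
# one fast sweep, and one slow sweep spread over almost a minute.
SAMPLE = """\
0.0 192.0.2.10 80
0.5 198.51.100.7 1
0.9 198.51.100.7 79
1.2 198.51.100.7 111
1.3 198.51.100.7 22
5.0 203.0.113.5 111
30.0 203.0.113.5 143
31.0 203.0.113.5 143
55.0 203.0.113.5 1080
"""

if __name__ == "__main__":
    for ip, ts in detect_scanners(map(parse, SAMPLE.splitlines())).items():
        print(f"{ts:6.1f}s drop all traffic from {ip}")
```

Only the fast sweep is dropped. The source that goes straight to port 80 never touches a trap port, which is the case the message calls "a little problem", and the slow sweep stays under the window.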