Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: Kim Ingemann <mail@...>
From: Sandino Araico Sanchez <sandino@...>
Subject: Re: firewall suggestions?
Date: Fri, 09 Jan 2004 05:22:28 -0600
Kim Ingemann wrote:

>I'm using portsentry and I can really recommend it. It can act as a trap
>for scanners because it binds itself to certain manually defined ports
>(that scanners usually scans). My setup says that if someone touches a
>couple of those ports in a short period of time it drops the connection
>to that IP directly and notifies me about it through my cellphone.
>
That kind of automatic policy is dangerous, you can unknowingly block 
away whole cable ISPs in some cases and in other cases somebody can 
manage to spoof some important IP addresses to make your server block 
them away...

>This means that the attacker is already dropped before he/she have a
>chance to use some exploits of the services I'm running.
>
This means some script kiddies are blocked away, but it's useless 
against (for example) somebody with an exploit for rsync scanning 
exclusively the rsync port for vulnerable hosts.

> Of course - If
>they're used before the scan takes place, then we have a little problem.
>But I guess it takes care of the most of them anyway.
>
>  
>

-- 
Sandino Araico Sánchez
-- Lo que no mata engorda.



--
gentoo-security@g.o mailing list

Replies:
Re: firewall suggestions?
-- Kim Ingemann
References:
Re: firewall suggestions?
-- Oliver Schad
Re: firewall suggestions?
-- Thomas T. Veldhouse
Re: firewall suggestions?
-- Oliver Schad
Re: firewall suggestions?
-- Mark Hurst
Re: firewall suggestions?
-- Frank Gruellich
Re: firewall suggestions?
-- Mark Hurst
Re: firewall suggestions?
-- Kim Ingemann
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: firewall suggestions?
Next by thread:
Re: firewall suggestions?
Previous by date:
Re: firewall suggestions?
Next by date:
Re: firewall suggestions?


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.