List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
Kim Ingemann wrote:
>I'm using portsentry and I can really recommend it. It can act as a trap
>for scanners because it binds itself to certain manually defined ports
>(that scanners usually scans). My setup says that if someone touches a
>couple of those ports in a short period of time it drops the connection
>to that IP directly and notifies me about it through my cellphone.
That kind of automatic policy is dangerous, you can unknowingly block
away whole cable ISPs in some cases and in other cases somebody can
manage to spoof some important IP addresses to make your server block
>This means that the attacker is already dropped before he/she have a
>chance to use some exploits of the services I'm running.
This means some script kiddies are blocked away, but it's useless
against (for example) somebody with an exploit for rsync scanning
exclusively the rsync port for vulnerable hosts.
> Of course - If
>they're used before the scan takes place, then we have a little problem.
>But I guess it takes care of the most of them anyway.
Sandino Araico Sánchez
-- Lo que no mata engorda.
email@example.com mailing list