Re: [cobalt-security] Portsentry & UDP ports
- Subject: Re: [cobalt-security] Portsentry & UDP ports
- From: Michael Stauber <michael@xxxxxxxxxxxxxx>
- Date: Fri, 6 Apr 2001 21:33:26 +0200
- Organization: Forumworld.com
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Marc,

> Yes, I also recommend running it at its highest setting,
> but my main recommendation is to turn off its reactive elements, i.e.
> blackholing hosts, dropping packets via ipchains and dropping into
> hosts.deny.

I even use the reactive elements, and so far no legitimate customer has locked
himself out. Aside from one of my administrators. ;o)

However, you are right that the reactive elements are dangerous and have the
potential of locking yourself or legitimate persons out at the worst. Then
again, a cronjob which clears the ipchains rules or the hosts.deny and
restarts portsentry at certain times can reduce this danger considerably.

Ciao,
Michael Stauber
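
The cron job described in the message above could look like the following. This is an added example, not code from the original post, and it is narrower than a full flush: it removes only entries in portsentry's default form so hand-written firewall and hosts.deny rules survive. The `ALL: <ip>` entry format, the `ipchains -I input -s <ip> -j DENY -l` block rule, the init script path and the crontab path are assumptions about the local portsentry.conf and system layout.

```sh
#!/bin/sh
# Added example: undo portsentry's reactive blocks from cron.
# Assumptions: hosts.deny entries use the "ALL: <ip>" form, blocks are added with
# "ipchains -I input -s <ip> -j DENY -l", and the init script path below exists.
# Hypothetical crontab entry:  0 4 * * * /usr/local/sbin/portsentry-reset.sh --run
HOSTS_DENY="${HOSTS_DENY:-/etc/hosts.deny}"
IPCHAINS="${IPCHAINS:-/sbin/ipchains}"
PORTSENTRY_INIT="${PORTSENTRY_INIT:-/etc/rc.d/init.d/portsentry}"   # assumed path
IP_LINE='^ALL:[[:space:]]*(([0-9]{1,3}\.){3}[0-9]{1,3})[[:space:]]*$'

# Print the addresses of bare "ALL: a.b.c.d" entries, one per line.
blocked_hosts() {
    sed -n -E "s/$IP_LINE/\\1/p" "$1"
}

# Delete the matching ipchains DENY rule for every address still listed.
unblock_hosts() {
    blocked_hosts "$1" | while read -r ip; do
        "$IPCHAINS" -D input -s "$ip" -j DENY -l || true   # rule may be gone
    done
}

# Drop only the bare "ALL: <ip>" lines; comments and hand-written rules stay.
purge_hosts_deny() {
    tmp="$1.reset.$$"
    grep -Ev "$IP_LINE" "$1" > "$tmp" || true   # grep exits 1 if nothing is left
    cat "$tmp" > "$1"                            # rewrite in place: keeps owner/mode
    rm -f "$tmp"
}

if [ "${1:-}" = "--run" ]; then
    unblock_hosts "$HOSTS_DENY"      # must run before the list is purged
    purge_hosts_deny "$HOSTS_DENY"
    "$PORTSENTRY_INIT" restart
fi
```

Setting `IPCHAINS=echo` and pointing `HOSTS_DENY` at a copy of the file gives a dry run that prints the rules it would delete.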