
Re: [cobalt-security] Portsentry & UDP ports



> Why?

Portsentry does not by default do passive scan detection. It does
reactive protection, in that the moment it detects anything connecting to a
port it hasn't been told to ignore, it takes steps to stop that host
connecting to any more ports.

A far better method (IMO) is to set up a firewall to reject (not deny or
drop) any packets to ports that don't have daemons running on them or
whatever, and then have some sort of passive detection of port probes that
log to your syslog or are mailed to you via portsentry's sister software
logcheck. This way you know (hope) that they can't get in, but you still have
a note that they tried.

The reason I say to reject rather than deny is that you are not aiming for
total computer invisibility.  You have ports open and services running on
these machines (well, you don't have to, but that's another matter); let people
scan you and see what ports you have open, or if they know that your host is
up but cannot get any response from it, it makes them look harder for a way
in.

--
/\/\ a R (
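The passive probe detection the post recommends, as an added example that is not the poster's own code: a small Python script that reads iptables-style LOG lines from syslog (a log rule placed ahead of the reject rule) and reports sources that hit several closed ports. The hostnames, addresses and the "PROBE:" log prefix are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines in the shape written by an iptables LOG rule
# that sits just before the REJECT rule (hypothetical hosts and addresses;
# not from the original message). The last line is ordinary sshd noise.
SAMPLE_SYSLOG = """\
Mar  3 10:01:02 web kernel: PROBE: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=40001 DPT=23 WINDOW=1024
Mar  3 10:01:02 web kernel: PROBE: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=40002 DPT=110 WINDOW=1024
Mar  3 10:01:03 web kernel: PROBE: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=28 PROTO=UDP SPT=40003 DPT=161 LEN=8
Mar  3 10:01:03 web kernel: PROBE: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=40004 DPT=143 WINDOW=1024
Mar  3 10:05:17 web kernel: PROBE: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=51234 DPT=8080 WINDOW=65535
Mar  3 10:05:20 web sshd[412]: Accepted publickey for admin from 198.51.100.7 port 51240
"""

# Only lines carrying the PROBE: prefix come from the firewall log rule.
LOG_RE = re.compile(
    r"PROBE: .*?SRC=(?P<src>\S+) .*?PROTO=(?P<proto>\w+) .*?DPT=(?P<dport>\d+)"
)


def parse_probes(text):
    """Yield (src, proto, dport) for every line written by the PROBE log rule."""
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            yield m.group("src"), m.group("proto"), int(m.group("dport"))


def find_scanners(text, min_ports=3):
    """Return {src: sorted [(proto, dport), ...]} for sources that touched at
    least min_ports distinct closed ports; one stray connection is not a scan."""
    hits = defaultdict(set)
    for src, proto, dport in parse_probes(text):
        hits[src].add((proto, dport))
    return {src: sorted(ports) for src, ports in hits.items() if len(ports) >= min_ports}


if __name__ == "__main__":
    # Same shape of report logcheck would mail you, built from the sample above.
    for src, ports in find_scanners(SAMPLE_SYSLOG).items():
        print(f"{src} probed {len(ports)} closed ports: {ports}")
```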