
Re: [cobalt-security] Portsentry & UDP ports



> However, you are right that the reactive elements are dangerous and have the
> potential of locking yourself or legitimate persons out at the worst. Then
> again, a cronjob which clears the ipchains rules or the hosts.deny and
> restarts portsentry at certain times can reduce this danger considerably.

I would certainly recommend running something like this... even if
portsentry itself left a host with an ipchains rule or in hosts.deny for like 10
mins and took them out this would be great - like a temporary ban for
portscanning you :)
However afaik it is not easily configured to act like this, and generally
uses a more permanent 'sin-bin' from which it is hard to remove
hosts that have fallen in by mistake.

Mostly this is from personal experience, with people testing the security on
my coloc from my network without my permission effectively stopping any kind
of remote access at all because portsentry blocked it via ipchains.
--
/\/\ a R (
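
The temporary ban discussed in this thread, as an added example that is not part of the original posts or of portsentry: a function a cron job could call to age entries out of hosts.deny instead of wiping the file. It assumes bans are exact "ALL: <ip>" lines (the stock KILL_HOSTS_DENY form); the function name, the state file and its format are hypothetical, and ipchains rules would need their own cleanup.

```shell
#!/bin/sh
# Added example: give portsentry-style hosts.deny entries a time limit.
# Assumption: a ban is a line of the exact form "ALL: <ipv4>".
# The state file ("<ip> <epoch first seen>" per line) is hypothetical.

# expire_bans DENY_FILE STATE_FILE TTL_SECONDS [NOW_EPOCH]
# The first run that sees a ban records its time in STATE_FILE; once the
# ban is TTL_SECONDS old the line is dropped from DENY_FILE. Every other
# line (hand-written rules, comments) is copied through untouched.
expire_bans() {
    deny=$1 state=$2 ttl=$3 now=${4:-$(date +%s)}
    [ -f "$state" ] || : > "$state"
    tmp_deny=$(mktemp) && tmp_state=$(mktemp) || return 1
    awk -v ttl="$ttl" -v now="$now" \
        -v statefile="$state" -v newstate="$tmp_state" '
        # State file: load the time each ban was first seen.
        FILENAME == statefile { seen[$1] = $2; next }
        # hosts.deny: only exact "ALL: <ipv4>" lines count as bans.
        /^ALL: [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            ip = $2
            if (!(ip in seen)) seen[ip] = now   # new ban: start its clock
            if (now - seen[ip] >= ttl) next     # expired: drop the line
            if (!written[ip]++) print ip, seen[ip] > newstate
        }
        { print }                               # keep everything else
    ' "$state" "$deny" > "$tmp_deny" || {
        rm -f "$tmp_deny" "$tmp_state"; return 1
    }
    # Overwrite in place so both files keep their owner and mode.
    cat "$tmp_deny" > "$deny" && cat "$tmp_state" > "$state"
    rm -f "$tmp_deny" "$tmp_state"
}
```

Called every minute or so with a TTL of 600, this gives roughly the 10 minute ban described above, and a host blocked by mistake clears itself without anyone needing remote access to fix it.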