
Re: [cobalt-security] Portsentry & UDP ports



> > However, you are right that the reactive elements are dangerous and have the
> > potential of locking yourself or legitimate persons out at the worst. Then
> > again, a cronjob which clears the ipchains rules or the hosts.deny and
> > restarts portsentry at certain times can reduce this danger considerably.

This sounds like a really good idea!

> However afaik it is not easily configured to act like this, and generally
> uses a more permanent 'sin-bin' from which it is hard to remove
> hosts that have fallen in by mistake.

If you don't set up ipchains to save its results and reload them when
the machine reloads, wouldn't a simple reboot effectively clear out
the sin-bin?

I'm being inundated with pokes to UDP port 137. I understand this is a
Windoze thing, from looking around on the Net and talking with Zeffie
tonight. My question is, how much harder is my machine having to work
when it's watching and filtering those packets on that port? Since
it's a windoze thing, wouldn't it be safe to just drop the watching of
that port?
I've noticed a slight slow-down in FTP transfer speed since I put the
ipchains and 'really anal' rule into effect. Nothing major, but enough
to make *me* notice. I'm wondering if taking 137 out of the config
would beef that back up a little. You think?

CarrieB