
Re: IPchains Rules - was Re: [cobalt-security] Portsentry & UDP ports



Rick,
Please don't post in HTML.

> I figure they must be using one of those new port scanners
> (not new just popular now) that can scan through port sentry
> does 1/2 completed requests, from what I understand - not
> enough to trigger port sentry but enough to get the info it needs.

Most portscanners have been sending SYN and FIN packets for ages. These do
however trigger portsentry.  The way you get round portsentry is to scan
really really slowly and using lots of different hosts.  There are popular
scanners available that do this atm (www.insecure.org/nmap)

I suspect they did a standard scan across their LAN on the relevant port and
because portsentry effectively listens on all ports it picked it up. This is
the way the advanced stealth works, and it's really too high a setting for
most uses.  The best way to avoid being a target for crackers is to not
stand out, don't make your machine appear different, but I've explained this
before.
--
/\/\ a R (
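
The slow, multi-host scanning mentioned in the message above can be caught by aggregating probes per target over a long window instead of per source over a short one. The sketch below is an added example, not part of the original post and not PortSentry's own logic: the per-source burst counter is a simplified stand-in, and the event tuples, thresholds and function names are assumptions.

```python
from collections import defaultdict

# Constructed sample events: (unix_time, source_ip, dest_port), each a probe
# to a port with no real service behind it. Documentation address ranges only.
FAST_SCAN = [(1000 + i, "192.0.2.10", 20 + i) for i in range(12)]
# Slow and distributed: one probe every 10 minutes, rotating over 4 sources.
SLOW_SCAN = [(5000 + 600 * i, f"198.51.100.{1 + i % 4}", 100 + i)
             for i in range(12)]


def per_source_burst(events, window=60, threshold=5):
    """Flag sources that touch >= threshold distinct ports within window seconds."""
    by_src = defaultdict(list)
    for ts, src, port in sorted(events):
        by_src[src].append((ts, port))
    flagged = set()
    for src, hits in by_src.items():
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans <= window seconds.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if len({p for _, p in hits[start:end + 1]}) >= threshold:
                flagged.add(src)
                break
    return flagged


def long_window_sweep(events, window=4 * 3600, port_threshold=10):
    """Ignore who sent each probe: if the host sees probes to >= port_threshold
    distinct unused ports inside the window, return every contributing source."""
    ev = sorted(events)
    start = 0
    for end in range(len(ev)):
        while ev[end][0] - ev[start][0] > window:
            start += 1
        span = ev[start:end + 1]
        if len({port for _, _, port in span}) >= port_threshold:
            return {src for _, src, _ in span}
    return set()


if __name__ == "__main__":
    print("burst, fast scan:", per_source_burst(FAST_SCAN))
    print("burst, slow scan:", per_source_burst(SLOW_SCAN))   # nothing flagged
    print("sweep, slow scan:", sorted(long_window_sweep(SLOW_SCAN)))
```

The long window trades memory and some false positives (background noise adds up over hours) for visibility into scans that no single source makes obvious.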