
Re: [cobalt-security] [RaQ3] Port Sentry



> > > a customer of mine sent me a portscan of my server,
> > > and is concerned about my security.
> > >
> > > Am I correct in thinking that portsentry has put these
> > > ports in an open state and this is all correct and OK?
> >
> > LOL!
> >
> > Yes. It is another reason I dislike portsentry.
> >
> > Kevin
>
> you see, that's why I always let Portsentry fight back with an IPchains-rule.
> If the person who does the scan is blocked, then they'll get no false ideas
> about open ports. ;o)

And here is the main reason I dislike portsentry: now your friend, who
thought his portscan was doing you a favor, can no longer access your server
(or at least some of its resources). Portsentry can't tell the difference
between a malicious attack and a goofball's mistake. It's zero-tolerance for
system administrators.

For a lot of hackers, portsentry makes very little difference - they can
always come at your open services from another IP. There are other ways
beyond a port scan to find out what services are running on your machine
(your web site, network solutions database, email headers, etc).

So, when using portsentry, what you end up with is a bunch of banned IPs
from possibly innocent users, and a bunch of hackers that you really haven't
stopped, at least not for long.

Kevin