
RE: [cobalt-security] [RaQ3] Port Sentry



>And here is the main reason I dislike portsentry: now your friend, who
>thought his portscan was doing you a favor, can no longer access your server
>(or at least some of its resources). Portsentry can't tell the difference
>between a malicious attack and a goofball's mistake. It's zero-tolerance for
>system administrators.
>
>For a lot of hackers, portsentry makes very little difference - they can
>always come at your open services from another IP. There are other ways
>beyond a port scan to find out what services are running on your machine
>(your web site, network solutions database, email headers, etc).
>
>So, when using portsentry, what you end up with is a bunch of banned IPs
>from possibly innocent users, and a bunch of hackers that you really haven't
>stopped, at least not for long.

And the portsentry alternative to deal with 20+ scans per day is....?
Are you suggesting that running without Portsentry is better than running with it?


Tony