[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SV: [cobalt-security] [RaQ3] Port Sentry
- Subject: SV: [cobalt-security] [RaQ3] Port Sentry
- From: "Kai Schantz, Euroweb" <kai@xxxxxxxxxx>
- Date: Fri, 8 Jun 2001 01:11:32 +0200
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi,
Is there anyway to reopen a IP banned by portsentry?
Kai
>And here is the main reason I dislike portsentry: now your friend, who
>thought his portscan was doing you a favor, can no longer access your
server
>(or at least some of its resources). Portsentry can't tell the difference
>between a malicious attack or a goofball's mistake. Its zero-tolerance for
>system administrators.
>
>For a lot of hackers, portsentry makes very little difference - they can
>always come at your open services from another IP. There are other ways
>beyond a port scan to find out what services are running on your machine
>(your web site, network solutions database, email headers, etc).
>
>So, when using portsentry, what you end up with is a bunch of banned IPs
>from possibly innocent users, and a bunch of hackers that you really
haven't
>stopped, at least not for long.
And the portsentry alternative to deal with 20+ scans per day is....?
Are you suggesting that running without Portsentry is better than running
with it?
Tony
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security