[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] [RaQ3] Portsentry's raison d'etre (used to be Port Sentry)

Subject: Re: [cobalt-security] [RaQ3] Portsentry's raison d'etre (used to be Port Sentry)
From: "Kevin D" <kdlists@xxxxxxxxxxxxxxx>
Date: Mon, 11 Jun 2001 09:30:26 -0400
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> >Therefore, I conclude, running Porsentry is better than not running
> >it.

I didn't say nothing at all, I just said not portsentry :)

I have good reasons too:
-I would never block an IP just for portscanning my server.
-I would not allow a machine, no matter how good its ruleset, to make
decisions that would potentially create denial of service conditions for
users of my services. Those decisions should be made by intelligent admins.
Otherwise, a wily hacker with spoofing techniques could block half the
internet from sending me email.
-legitimate users could be denied access to many services on my server
simply by mistyping port numbers in an ftp client, for example
-with dynamic addressing at many ISPs, a hacker could have blocked several
IPs that legitimate users may eventually use

I do use other tools (ie the good host-based IDS tools i referred to), such
as fcheck.

Kevin

References:
- RE: [cobalt-security] [RaQ3] Portsentry's raison d'etre (used to be Port Sentry)
  - From: Tony

Prev by Date: Re: [cobalt-security] Reports stoped on 15 may 2001
Next by Date: Re: [cobalt-security] [RaQ3] Port Sentry
Previous by thread: RE: [cobalt-security] [RaQ3] Portsentry's raison d'etre (used to be Port Sentry)
Next by thread: Re: [cobalt-security] [RaQ3] Port Sentry

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index