Re: [cobalt-security] [RaQ3] Portsentry's raison d'etre (used to be Port Sentry)
- Subject: Re: [cobalt-security] [RaQ3] Portsentry's raison d'etre (used to be Port Sentry)
- From: "Kevin D" <kdlists@xxxxxxxxxxxxxxx>
- Date: Mon, 11 Jun 2001 09:30:26 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> >Therefore, I conclude, running Portsentry is better than not running
> >it.
I didn't say nothing at all, I just said not portsentry :)
I have good reasons too:
- I would never block an IP just for portscanning my server.
- I would not allow a machine, no matter how good its ruleset, to make
decisions that would potentially create denial of service conditions for
users of my services. Those decisions should be made by intelligent admins.
Otherwise, a wily hacker with spoofing techniques could block half the
internet from sending me email.
- Legitimate users could be denied access to many services on my server
simply by mistyping port numbers in an ftp client, for example.
- With dynamic addressing at many ISPs, a hacker could have blocked several
IPs that legitimate users may eventually use.
I do use other tools (i.e. the good host-based IDS tools I referred to), such
as fcheck.
Kevin