Re: [cobalt-security] IPChains Tool
- Subject: Re: [cobalt-security] IPChains Tool
- From: Ted Behling <tbehling@xxxxxxxxxxxxx>
- Date: Fri, 20 Jul 2001 18:03:37 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
You made good points, Carrie, and I like the whois idea. In addition, I
want to make sure people know that IPChains makes PortSentry a "backup"
ONLY if IPChains is denying all unbound, incoming ports <= 1024. If you're
configured this way, couldn't people still portscan you, since the
packets aren't getting past the kernel's IPChains code?
FWIW, I configure my servers' IPChains to implement most of the SANS
IPChains recommendations (can't find exact URL) and a few other things, but
it leaves unbound ports unblocked. Then, I run PortSentry to listen for
portscans, and when it finds one, I have it run IPChains to block all
traffic to and from that IP.
At 04:01 PM 7/20/01 -0400, Carrie Bartkowiak wrote:
>As for using it with PortSentry - that's really a moot point. If
>you've got IPChains running, then PortSentry is just a backup alarm
>and reaction system. Someone will have to get through the IPChains
>first in order to set off PortSentry. PortSentry can then do a number
>of things, like tossing the offender's IP into the routing table,
>handing it over to IPChains to block, or running an external command
>(Zeffie showed me a wonderful idea to have the external command run a
>whois on the offending IP and mail it to me).
>
>They seem to me to be a good system to run together. IPChains up
>front and PortSentry as a backup measure, with LogCheck to show you
>everything that's happening.
-------------------------------------------------------------------------
Ted Behling, Web Application Developer, Monarch Information Systems, Inc.
43 Folly Field Road, Unit 4, Hilton Head Island, SC 29928-5434
E-mail: mailto:TBehling@xxxxxxxxxxxxx
Phone/Fax: 1-800-842-7894 Local or Outside the USA: 1-843-842-7894
Cell Phone (urgent issues): 843-816-7895
Cell Phone E-mail: mailto:TedPhone@xxxxxxxxxxxxx (116 letter limit)
Web site: http://www.monarchis.net
-------------------------------------------------------------------------
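
The reaction step described in this message (PortSentry detects a scan, then IPChains blocks all traffic to and from that IP), sketched as an added example that is not code from the post or from either tool. It validates the address and refuses allowlisted hosts, because a scan with a spoofed source would otherwise make the server block its own gateway or resolver. The function names, the `NEVER_BLOCK` list (constructed documentation addresses) and the `APPLY` switch are assumptions; the script would be called with the offending IP, for example from PortSentry's `KILL_RUN_CMD` with `$TARGET$`.

```shell
#!/bin/sh
# Added example: block helper for a PortSentry-triggered IPChains reaction.
# NEVER_BLOCK is a constructed allowlist; replace with your gateway, DNS, admin hosts.
NEVER_BLOCK="127.0.0.1 192.0.2.1 192.0.2.53"

# Return 0 only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the ipchains commands that drop traffic from and to $1.
# Returns 2 for a malformed address, 3 for an allowlisted one.
block_rules() {
    ip=$1
    if ! valid_ipv4 "$ip"; then
        echo "refusing: argument is not an IPv4 address" >&2
        return 2
    fi
    for safe in $NEVER_BLOCK; do
        if [ "$ip" = "$safe" ]; then
            echo "refusing: $ip is allowlisted" >&2
            return 3
        fi
    done
    echo "/sbin/ipchains -I input -s $ip -j DENY -l"   # -l logs matching packets
    echo "/sbin/ipchains -I output -d $ip -j DENY"
}

# Dry run by default; APPLY=1 executes the generated rules (requires root).
if [ -n "${1:-}" ]; then
    rules=$(block_rules "$1") || exit $?
    if [ "${APPLY:-0}" = 1 ]; then echo "$rules" | sh; else echo "$rules"; fi
fi
```

Run without `APPLY=1` first to review the rules it would insert.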