Re: [cobalt-security] PortSentry 2.0b1 Beta released
- Subject: Re: [cobalt-security] PortSentry 2.0b1 Beta released
- From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 10 Apr 2002 09:46:34 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Wed, 10 Apr 2002, Steve Werby wrote:
> Gerald, you can specify exactly which ports you want it to listen to. The
> idea of allowing it to bind to ports that you don't use and would probably otherwise
> block with IPCHAINS, iptables, etc. is that hopefully you'll catch a hacker
> doing a port scan before they get to one of your active ports running real
> services and automatically drop their traffic in your firewall. BTW, IMO
> it's a good idea to flush all of the IPs associated with scan attempts a
> reasonable amount of time after they're added to the firewall. If your
> firewall rules become too cumbersome it starts to affect performance and
> since most hackers are probably connecting from dynamic IPs on dialups or
> rooted machines that aren't their own, IMO in general there's little benefit
> to keeping those offending IPs listed more than a day or two, by which time
> the threat has probably passed. You probably know this or have your own
> mechanisms in place, just thought I'd share my opinion for anyone reading
> this.
>
Ok, that makes a little more sense.
Do you have a list of suggested ports to catch scans?
--
Gerald Waugh
http://www.frontstreetnetworks.com
Front Street Networks LLC - 203-785-0699
229 Front Street, Ste. #C, New Haven CT, 06513-3203
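
The expiry of scan-triggered blocks suggested in the quoted text, as an added example that is not part of the original thread or of PortSentry. It assumes a hypothetical block log with one `<epoch added> <source IP>` entry per line, rules that were added as `iptables ... INPUT -s <ip> -j DROP`, and a two-day lifetime.

```python
import ipaddress

TTL_SECONDS = 2 * 24 * 3600  # "a day or two" in the thread; exact value is an assumption

# Constructed sample of the hypothetical block log: "<epoch added> <source IP>"
SAMPLE_LOG = """\
1018300000 192.0.2.10
1018440000 198.51.100.7
1018310000 203.0.113.5
1018445000 203.0.113.5
garbage line
1018300500 10.0.0.999
"""

def parse_block_log(text):
    """Return {ip: latest epoch added}; skip malformed lines and invalid IPs."""
    latest = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            continue
        try:
            ip = str(ipaddress.ip_address(parts[1]))
        except ValueError:
            continue  # never hand an unvalidated string to a firewall command
        # A repeat scan restarts the timer: keep the newest timestamp per IP.
        latest[ip] = max(latest.get(ip, 0), int(parts[0]))
    return latest

def plan_expiry(text, now, ttl=TTL_SECONDS):
    """Return (delete commands for expired blocks, IPs that stay blocked)."""
    expired, kept = [], []
    for ip, added in sorted(parse_block_log(text).items()):
        if now - added >= ttl:
            # argv list, so no shell ever interprets the address
            expired.append(["iptables", "-D", "INPUT", "-s", ip, "-j", "DROP"])
        else:
            kept.append(ip)
    return expired, kept

if __name__ == "__main__":
    now = 1018475000  # constructed "current time" for the sample
    commands, kept = plan_expiry(SAMPLE_LOG, now)
    for argv in commands:
        print(" ".join(argv))  # review, then run from cron with subprocess.run(argv)
    print("still blocked:", ", ".join(kept))
```

The block log should be rewritten with only the kept entries after the delete commands succeed, so the rule set and the log stay in step.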