
RE: [cobalt-security] PortSentry 2.0b1 Beta released



Gerald Waugh wrote:

> I still don't see what good it can do, if the only ports I have
> open are well used ports. Now if it could look at many unsuccessful
> logins or something along those lines, then block that ip, it could
> be useful.

Erm... but surely that falls under "log analysis", rather than "port
sentry"?

Some people want to know who's trying to look under their door, rather than
finding out when they try to hammer said door down. You can quite
successfully target a machine by scanning a range of unused ports and
determining the OS fingerprint, then you know what you might need to break in to
the well-used ports.

Note also that your logfiles may not contain entries for things such as
SYN-FIN or FIN or XMAS or ACK scans; Portsentry might be able to catch them
and warn you about them (I'm unsure. I use Snort instead).

Everyone wants systems to do different things. I think we're all aware of
the fact that you don't like/use PortSentry, and in fact neither do I ;-)
But it's still - when configured properly - a useful tool for some.

Graeme
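
An added illustration, not part of the original message: the scan types named above differ only in the TCP flag bits of the probe, and none of them completes a handshake, so a listening daemon never sees a connection it could log. The Python code below classifies raw TCP headers by their flags; the function names and sample headers are constructed for this example.

```python
import struct

# TCP flag bits (RFC 793): the low six bits of header byte 13.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def tcp_flags(segment: bytes) -> int:
    """Return the six classic flag bits from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    # Bytes 12-13 hold the data offset, reserved bits and the flags.
    (off_flags,) = struct.unpack("!H", segment[12:14])
    return off_flags & 0x3F

def classify(flags: int) -> str:
    """Name the probe type, assuming the segment matches no existing
    connection (a lone ACK or FIN is normal inside an established flow,
    so the caller must track state before treating it as a scan)."""
    if flags & SYN and flags & FIN:
        return "SYN-FIN"          # never valid together
    if flags == FIN | PSH | URG:
        return "XMAS"
    if flags == FIN:
        return "FIN"
    if flags == ACK:
        return "ACK"
    if flags == SYN:
        return "SYN"              # ordinary connection attempt or SYN scan
    return "other"

def build_header(sport: int, dport: int, flags: int) -> bytes:
    """Build a minimal 20-byte TCP header (constructed sample input)."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0,
                       (5 << 12) | flags, 1024, 0, 0)

def summarize(segments) -> dict:
    """Count probe types seen in a list of raw TCP headers."""
    counts = {}
    for seg in segments:
        name = classify(tcp_flags(seg))
        counts[name] = counts.get(name, 0) + 1
    return counts

# Constructed samples: one header per flag combination of interest.
SAMPLES = [build_header(40000, p, f) for p, f in [
    (1, SYN | FIN), (2, FIN), (3, FIN | PSH | URG),
    (4, ACK), (22, SYN), (80, PSH | ACK)]]

if __name__ == "__main__":
    print(summarize(SAMPLES))
```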