Re: [cobalt-security] PortSentry 2.0b1 Beta released
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Wed, 10 Apr 2002 17:08:16 +0200
- Organization: SOLARSPEED.NET
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Gerald,
> I still don't see what good it can do, if the only ports I have open are
> well used ports.
Well, the usage of Portsentry has always been controversial. It sure has
benefits and drawbacks.
I use a slightly modified version of Portsentry. Basically I went into the
sources and ripped out all the uninformative report functionality like
"Portsentry listening on UDP-Port XXX" which is generated when Portsentry
starts. That info otherwise just clutters up the logfiles. I also use it only
on half a dozen manually selected ports in UDP and TCP mode. That's
configurable in the Portsentry configuration file.
The ports I use for that are generally ports not used by any service, and they
are also ports which I specifically opened up in the Firewall. That pretty
much eliminates the accidental blocking of people who just did something
dumb.
But if someone runs a portscan over the box and reaches one of those "holes"
in the Firewall behind which Portsentry is listening, then that person is
instantly blocked, as you might expect from running Portsentry.
One might argue why to pry holes into a perfectly fine firewall for that
purpose, or whether portscans are actually a good thing or bad. My own personal
point of view is that whoever runs a portscan on one of my boxes is someone I
would rather keep at arm's length and on the far side of the border router.
Standalone, Portsentry won't do any good, but as just one of many layers in a
well thought out security concept it can be a beneficial addition, I'd say.
--
Mit freundlichen Grüßen / With best regards
Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer
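The decoy-port setup described in the message above, reduced to its mechanics, as an added example that is not PortSentry's code and not part of the original thread: a handful of otherwise unused TCP ports are listened on, the firewall is told to let traffic to exactly those ports through, and any peer that touches one of them is recorded and a block command is generated, with an ignore list so that trusted addresses never get blocked. The port list, the iptables command templates and the ignore list are assumptions chosen for illustration; a real daemon would execute the command instead of only recording it.

```python
"""Minimal decoy-port tripwire in the spirit of the PortSentry setup described
in the message above.  Added example, not PortSentry's source; the ports,
firewall command templates and ignore list are assumptions for illustration."""
import selectors
import socket
import time
from dataclasses import dataclass, field

# Assumed decoy ports: used by no service and opened in the firewall on purpose.
DECOY_TCP_PORTS = [1, 11, 15, 79, 111, 540]
# Assumed block-command template (the role PortSentry's KILL_ROUTE plays).
KILL_ROUTE = "iptables -I INPUT -s {ip} -j DROP"


@dataclass
class Tripwire:
    ports: list
    ignore: set = field(default_factory=lambda: {"127.0.0.1"})
    kill_template: str = KILL_ROUTE
    blocked: dict = field(default_factory=dict)   # ip -> (port hit, epoch time)
    commands: list = field(default_factory=list)  # block commands that would run
    _sel: object = field(default=None, repr=False)

    def accept_rules(self):
        """Firewall rules that deliberately open the decoy ports to scanners."""
        return [f"iptables -A INPUT -p tcp --dport {p} -j ACCEPT" for p in self.ports]

    def trip(self, ip, port):
        """Decide what happens to a peer that touched a decoy port.
        Returns the block command, or None if the peer is ignored or already blocked."""
        if ip in self.ignore or ip in self.blocked:
            return None
        self.blocked[ip] = (port, time.time())
        cmd = self.kill_template.format(ip=ip)
        self.commands.append(cmd)  # a real daemon would subprocess.run(cmd) here
        return cmd

    def start(self, bind_addr="0.0.0.0"):
        """Bind a non-blocking listener on every decoy port (port 0 = ephemeral)."""
        self._sel = selectors.DefaultSelector()
        for p in self.ports:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            s.bind((bind_addr, p))
            s.listen(5)
            s.setblocking(False)
            self._sel.register(s, selectors.EVENT_READ)

    def bound_ports(self):
        return sorted(k.fileobj.getsockname()[1] for k in self._sel.get_map().values())

    def poll(self, timeout=0.5):
        """Accept and immediately close every pending connection, tripping on each.
        Waits up to `timeout` for the first hit, then drains without waiting."""
        deadline = time.monotonic() + timeout
        hits = []
        while True:
            events = self._sel.select(max(0.0, deadline - time.monotonic()))
            if not events:
                return hits
            for key, _ in events:
                conn, (peer_ip, _peer_port) = key.fileobj.accept()
                port = key.fileobj.getsockname()[1]
                conn.close()  # nothing is served; the touch itself is the signal
                hits.append((peer_ip, port))
                self.trip(peer_ip, port)
            deadline = time.monotonic()  # only drain from here on

    def close(self):
        for key in list(self._sel.get_map().values()):
            self._sel.unregister(key.fileobj)
            key.fileobj.close()
        self._sel.close()


def probe(host, port):
    """Act like a scanner: complete a TCP handshake to the port and hang up."""
    socket.create_connection((host, port), timeout=2).close()


if __name__ == "__main__":
    # Ephemeral ports so the demo needs no root; the real list is DECOY_TCP_PORTS.
    tw = Tripwire(ports=[0] * len(DECOY_TCP_PORTS))
    tw.start("127.0.0.1")
    print("firewall rules for real decoys:", Tripwire(DECOY_TCP_PORTS).accept_rules())
    probe("127.0.0.1", tw.bound_ports()[0])
    print("hits:", tw.poll(), "blocked:", tw.blocked)  # localhost is on the ignore list
    print("simulated external scanner:", tw.trip("192.0.2.10", 111))
    tw.close()
```

The ignore list is what keeps the "someone who did something dumb" case from turning into an outage: an address that appears there is never blocked, whatever it touches. Everything else that completes a handshake to a decoy port is treated as a scanner, which is exactly the policy the message argues for.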