[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] PortSentry 2.0b1 Beta released
- Subject: Re: [cobalt-security] PortSentry 2.0b1 Beta released
- From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 11 Apr 2002 18:22:52 -0500
- Organization: Front Street Networks LLC
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Thursday 11 April 2002 05:12 pm, Kevin D wrote:
> > > Gerald, you can specify exactly which ports you want it to listen to.
> > >By allowing it to bind to ports that you don't use and would probably
> > >otherwise block with IPCHAINS, iptables, etc. is that hopefully you'll
> > >catch a hacker doing a port scan before they get to one of your active
> > >ports running real services and automatically drop their traffic in your
> > >firewall.
>
> And then when the hacker does a decoy scan you get hundreds of innocent ips
> blocked from your server. And hey, if the hacker discovers what you're
> doing, he can just send more decoys until your server is pretty much shut
> down to the outside world, until the rules get flushed in 2-3 days.
>
> If you're really lucky, one of the decoys he uses will be the one you
> connect from to admin the server :)
>
Interesting!!! I think it can do more harm then good....
A real hacker is going to go after exploitable processes that you are running,
ftp, telnet, ssh, named, http
--
Gerald Waugh : Registered Linux user # 255245
http://www.frontstreetnetworks.com
Front Street Networks LLC - ph. 203.785.0699
229 Front Street, Ste. #C, New Haven, CT, United States of America
7:19pm up 21 days, 2:44, 3 users, load average: 0.97, 1.09, 1.31