
Re: [cobalt-security] PortSentry 2.0b1 Beta released



On Thu, 11 Apr 2002 17:12:00 -0400, "Kevin D" <kdlists@xxxxxxxxxxxxxxx> wrote:

:>> > Gerald, you can specify exactly which ports you want it to listen to. By
:>> > allowing it to bind to ports that you don't use and would probably otherwise
:>> > block with IPCHAINS, iptables, etc. is that hopefully you'll catch a hacker
:>> > doing a port scan before they get to one of your active ports running real
:>> > services and automatically drop their traffic in your firewall.
:>
:>And then when the hacker does a decoy scan you get hundreds of innocent ips
:>blocked from your server. And hey, if the hacker discovers what you're
:>doing, he can just send more decoys until your server is pretty much shut
:>down to the outside world, until the rules get flushed in 2-3 days.
:>
:>If you're really lucky, one of the decoys he uses will be the one you
:>connect from to admin the server :)
:>
:>Kevin

If a hacker is going to that much trouble, it is probably better to be
shutting down each IP address until one can find out what is going on. If the
attack is that determined, it is better to be shut down completely. DoS attacks
are not the real problem; hacks into old ssh1 port 22s are more likely.
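
The trade-off argued in this thread, as an added example that is not part of the original messages and is not PortSentry's code: an auto-block policy with a never-block list for admin addresses, expiry of old blocks, and a cap on new blocks per time window, replayed over a constructed burst of scan reports from many source addresses. The class, its parameters and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from collections import deque

class GuardedBlocklist:
    """Hypothetical auto-block policy: never-block list, expiry, rate cap."""

    def __init__(self, never_block, ttl=3600, max_new=20, window=60):
        self.never_block = [ipaddress.ip_network(n) for n in never_block]
        self.ttl, self.max_new, self.window = ttl, max_new, window
        self.blocked = {}      # ip -> time at which the block expires
        self.recent = deque()  # timestamps of recently added blocks

    def expire(self, now):
        for ip in [ip for ip, end in self.blocked.items() if end <= now]:
            del self.blocked[ip]

    def report_scan(self, src, now):
        """Decide what to do about a scan seen from src at time now (seconds)."""
        ip = ipaddress.ip_address(src)
        self.expire(now)
        if any(ip in net for net in self.never_block):
            return "ignored-allowlisted"   # admin source is never firewalled
        if ip in self.blocked:
            return "already-blocked"
        while self.recent and now - self.recent[0] >= self.window:
            self.recent.popleft()
        if len(self.recent) >= self.max_new:
            return "deferred-rate-cap"     # left for operator review
        self.blocked[ip] = now + self.ttl
        self.recent.append(now)
        return "blocked"

# Constructed sample: 200 distinct sources reported within two seconds,
# followed by a report that carries the admin's own address.
SAMPLE_EVENTS = [(i * 0.01, f"198.51.100.{i + 1}") for i in range(200)]
SAMPLE_EVENTS.append((2.0, "192.0.2.10"))

def replay(events, **policy):
    """Run events through a fresh policy; return decision counts and the policy."""
    bl = GuardedBlocklist(**policy)
    counts = {}
    for now, src in events:
        decision = bl.report_scan(src, now)
        counts[decision] = counts.get(decision, 0) + 1
    return counts, bl

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS, never_block=["192.0.2.10/32"])[0])
```

Setting `max_new` very high reproduces the block-everything stance from the reply above, while the never-block list still keeps the admin address reachable.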