Hi Marc,
> yes i also recommend running it at its highest setting,
> but my main recommendation is to turn off its reactive elements, ie
> blackholing hosts, dropping packets via ipchains and dropping into
> hosts.deny.
I use even the reactive elements and so far no legitimate customer has locked
himself out. Aside from one of my administrators. ;o)
However, you are right that the reactive elements are dangerous and have the
potential of locking yourself or legitimate persons out at the worst. Then
again, a cronjob which clears the ipchains rules or the hosts.deny and
restarts portsentry at certain times can reduce this danger considerably.
Ciao,
Michael Stauber
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
