Hi Kevin,

> And here is the main reason I dislike portsentry: now your friend, who
> thought his portscan was doing you a favor, can no longer access your
> server (or at least some of its resources). Portsentry can't tell the
> difference between a malicious attack and a goofball's mistake. It's
> zero tolerance for system administrators.

Exactly, so the person who implements Portsentry with IPChains needs to know 
his stuff, which I happen to do. Never locked myself out of any of the 
servers where I installed this measure.

I have a custom script running which flushes the IPchains rules after a 
certain amount of time, so you neither end up with a large list of blocked 
IPs, nor will anyone be permanently blocked. So even if one of my customers 
decides to run nmap on the server, he'll be locked out for a while and 
that'll serve him as a friendly reminder not to try this stuff on this 
particular place.

> For a lot of hackers, portsentry makes very little difference - they can
> always come at your open services from another IP. There are other ways
> beyond a port scan to find out what services are running on your machine
> (your web site, network solutions database, email headers, etc).

There will never be a 100% certain way to stop intrusion attempts, sure. But 
with 40-90 portscans, sunrpc-script-kiddies and various UDP probes per week 
on my primary server I feel much safer with all the protections in place.

Having Portsentry as *only* protection in place won't do any good. It's just 
one of those lines of defense one might want to have.

-- 

Best regards

Michael Stauber

Stauber Multimedia Design ____ Phone: +49-6471-923812
Hauptstrasse 31 ______ D-56244 Goddert ______ Germany
SMD.NET ___ SOLARSPEED.NET ___ FORUMWORLD.COM

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
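The timed release of portsentry's ipchains blocks that Michael describes above, as an added example (this is not his script and not part of portsentry). It assumes a block file with one `<epoch-seconds> <ip>` line per block and that portsentry inserted each rule as `ipchains -I input -s <ip> -j DENY`; it prints the matching delete commands rather than running ipchains, so it can be tried on any host.

```shell
#!/bin/sh
# Expire temporary ipchains blocks added by portsentry after a hold time.
# Assumptions (constructed for this example, not from the original mail):
#  - blocks are recorded one per line as "<epoch-seconds> <ip>"
#  - the inserted rule was exactly "ipchains -I input -s <ip> -j DENY",
#    so "-D" with the same options removes it (the -D must match the
#    original rule option for option, including any -l flag)
# The delete commands are printed on stdout; pipe them to sh to apply.

HOLD_SECONDS=${HOLD_SECONDS:-1800}   # how long an automatic block lasts

# expire_blocks <blockfile> <now-epoch-seconds>
# Prints one "ipchains -D ..." line per expired block and rewrites the
# block file so that only still-active entries remain.
expire_blocks() {
    blockfile=$1; now=$2
    keep=$(mktemp)
    while read -r ts ip; do
        [ -z "$ts" ] && continue          # skip blank lines
        if [ $((now - ts)) -ge "$HOLD_SECONDS" ]; then
            echo "ipchains -D input -s $ip -j DENY"
        else
            echo "$ts $ip" >> "$keep"     # block still within hold time
        fi
    done < "$blockfile"
    cat "$keep" > "$blockfile"
    rm -f "$keep"
}

# Constructed demo: one block an hour old (expired), one five minutes old.
demo() {
    f=$(mktemp)
    now=1000000000
    printf '%s 192.0.2.10\n%s 192.0.2.20\n' \
        $((now - 3600)) $((now - 300)) > "$f"
    expire_blocks "$f" "$now"             # prints the delete for .10 only
    echo "still blocked:"; cat "$f"       # .20 remains
    rm -f "$f"
}

demo
```

Running it from cron every few minutes with `HOLD_SECONDS` set to the desired lockout gives the "locked out for a while" behaviour without a growing rule list.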
