> >Therefore, I conclude, running Porsentry is better than not running > >it. I didn't say nothing at all, I just said not portsentry :) I have good reasons too: -I would never block an IP just for portscanning my server. -I would not allow a machine, no matter how good its ruleset, to make decisions that would potentially create denial of service conditions for users of my services. Those decisions should be made by intelligent admins. Otherwise, a wily hacker with spoofing techniques could block half the internet from sending me email. -legitimate users could be denied access to many services on my server simply by mistyping port numbers in an ftp client, for example -with dynamic addressing at many ISPs, a hacker could have blocked several IPs that legitimate users may eventually use I do use other tools (ie the good host-based IDS tools i referred to), such as fcheck. Kevin _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
