Hi Gerald,

> I still don't see what good it can do, if the only ports I have open are
> well used ports.

Well, the usage of Portsentry has always been controversial. It sure has benefits and drawbacks.

I use a slightly modified version of Portsentry. Basically I went into the sources and ripped out all the uninformative report functionality like "Portsentry listening on UDP-Port XXX" which is generated when Portsentry starts. That info otherwise just clutters up the logfiles.

I also use it only on half a dozen manually selected ports in UDP and TCP mode. That's configurable in the Portsentry configuration file. The ports I use for that are generally ports not used by any service, and they are also ports which I specifically opened up in the firewall. That pretty much eliminates the accidental blocking of people who just did something dumb. But if someone runs a portscan over the box and reaches one of those "holes" in the firewall behind which Portsentry is listening, then that person is instantly blocked, as you might expect from running Portsentry.

One might argue about whether to pry holes into a perfectly fine firewall for that purpose, or whether portscans are actually a good thing or a bad one. My own personal point of view is that whoever runs a portscan on one of my boxes is someone I'd rather keep at arm's length and on the far side of the border router.

Standalone, Portsentry won't do any good, but as just one of many layers in a well thought out security concept it can be a beneficial addition, I'd say.

-- 
Mit freundlichen Grüßen / With best regards
Michael Stauber [EMAIL PROTECTED]
Unix/Linux Support Engineer

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
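The decoy-port scheme described in the message above, as an added example that is not part of the original post or of Portsentry itself: a small Python script that reads the TCP_PORTS / UDP_PORTS keys from a constructed portsentry.conf fragment, checks that none of those decoy ports collides with a real service port (the check a practitioner wants before opening the firewall "holes"), and then triages constructed firewall log lines (iptables LOG style) into hosts that touched a decoy port and hosts that only ever used real services. The port numbers, the log lines, the SERVICE_PORTS set and the iptables DROP rule used as the KILL_ROUTE-style block command are all assumptions made for this example.

```python
import re

# Constructed fragment in the style of a portsentry.conf file. TCP_PORTS and
# UDP_PORTS are PortSentry's own keys; the port numbers are made up for this
# example and deliberately avoid anything a real service on the box would use.
SAMPLE_CONF = '''
# Decoy ports: nothing listens here except PortSentry, and the firewall
# lets them through on purpose.
TCP_PORTS="1,11,15,1524,5742,12345"
UDP_PORTS="1,7,9,31337,54321"
'''

# Ports the hypothetical host's real, firewall-exposed services use (assumed).
SERVICE_PORTS = {"tcp": {22, 25, 80, 443}, "udp": {53}}

# Constructed log lines in the style of an iptables LOG target, standing in
# for "connections that made it through the firewall".
SAMPLE_LOG = '''\
May  3 10:01:12 gw kernel: FW: IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.1 PROTO=TCP SPT=40211 DPT=1524 SYN
May  3 10:01:12 gw kernel: FW: IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.1 PROTO=TCP SPT=40212 DPT=5742 SYN
May  3 10:02:01 gw kernel: FW: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.1 PROTO=UDP SPT=5353 DPT=31337 LEN=40
May  3 10:03:40 gw kernel: FW: IN=eth0 OUT= SRC=203.0.113.5 DST=203.0.113.1 PROTO=TCP SPT=51000 DPT=80 SYN
May  3 10:03:41 gw kernel: FW: IN=eth0 OUT= SRC=203.0.113.5 DST=203.0.113.1 PROTO=TCP SPT=51001 DPT=22 SYN
May  3 10:04:15 gw kernel: FW: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.1 PROTO=TCP SPT=51002 DPT=22 SYN
May  3 10:05:00 gw kernel: FW: IN=eth0 OUT= SRC=192.0.2.99 DST=203.0.113.1 PROTO=TCP SPT=51003 DPT=8080 SYN
'''

PORTS_RE = re.compile(r'^\s*(TCP|UDP)_PORTS="([\d,]*)"', re.MULTILINE)
LOG_RE = re.compile(r"SRC=(?P<src>[\d.]+) .*?PROTO=(?P<proto>TCP|UDP) .*?DPT=(?P<dpt>\d+)")


def parse_port_list(conf_text):
    """Read the decoy port sets from TCP_PORTS / UDP_PORTS lines."""
    ports = {"tcp": set(), "udp": set()}
    for proto, plist in PORTS_RE.findall(conf_text):
        ports[proto.lower()].update(int(p) for p in plist.split(",") if p)
    return ports


def check_decoy_ports(decoy, service):
    """Return (proto, port) pairs where a decoy port collides with a real
    service port. A non-empty result means legitimate users would get blocked."""
    return sorted((proto, port)
                  for proto in ("tcp", "udp")
                  for port in decoy[proto] & service[proto])


def parse_events(log_text):
    """Yield (src_ip, proto, dst_port) for every firewall log line that parses."""
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            yield m.group("src"), m.group("proto").lower(), int(m.group("dpt"))


def triage(log_text, decoy, service):
    """Split sources into 'blocked' (touched at least one decoy port) and
    'allowed' (only ever touched real service ports). Traffic to ports in
    neither set is ignored here; the firewall would not have passed it."""
    blocked, seen_service = set(), set()
    for src, proto, port in parse_events(log_text):
        if port in decoy[proto]:
            blocked.add(src)
        elif port in service[proto]:
            seen_service.add(src)
    return sorted(blocked), sorted(seen_service - blocked)


def block_commands(hosts):
    """Render a per-host block rule of the kind PortSentry's KILL_ROUTE hook
    would run; an iptables DROP rule is the assumed hook command here."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in hosts]


if __name__ == "__main__":
    decoy = parse_port_list(SAMPLE_CONF)
    conflicts = check_decoy_ports(decoy, SERVICE_PORTS)
    if conflicts:
        raise SystemExit(f"decoy ports overlap real services: {conflicts}")
    blocked, allowed = triage(SAMPLE_LOG, decoy, SERVICE_PORTS)
    print("block:", blocked)
    print("leave alone:", allowed)
    for cmd in block_commands(blocked):
        print(cmd)
```

The point the script makes is the one in the message: a host that only ever hits ports a real service answers on (203.0.113.5) is never a candidate for blocking, while a host that touches any decoy port, even if it also made legitimate-looking connections (198.51.100.7), is. The overlap check is the guard against configuring a decoy port that a real service also uses, which would block exactly the people the scheme is meant to spare.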
