On Wed, 10 Apr 2002 09:40:47 -0400, Gerald Waugh <[EMAIL PROTECTED]> wrote:
:>On Wed, 10 Apr 2002, Chris Burton wrote:
:>> With that complaint you are probably running it in classic mode which will
:>> no longer exist (as stated above), it was fairly well documented on how to
:>> get it to not "listen" on unused ports but most people give up when it
:>> doesn't do what they want/expect (no offence intended).
:>>
:>
:>no offense taken,
:>I still don't see what good it can do, if the only ports I have open are
:>well used ports. Now if it could look at many unsuccessful logins or something
:>along those lines, then block that ip, it could be useful.

It is a matter of philosophy in terms of what you want to watch. I set portsentry to watch everything except those ports I use. If it detects an attack on an open port, it shuts that ip address down on all ports and logs the attack using ipfilter. I can then scan my portsentry log and see exactly who was trying to do what. I.e., I can see the ip address trying to connect to port 21 or port 22. I then have the choice of putting that ip address (or range) into a permanent ip firewall block.

It has been rather interesting because I now have a pretty good idea of where the problems are originating. I have, as a result, blocked several countries.

My thinking is that it is not enough to protect, I want to know who and what is being scanned.

Mike.

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
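
The log review described in the message above (scan the portsentry log, see which address tried which port, then pick addresses or ranges for a permanent block), as an added example that is not part of the original post. The log line shape is an assumption modelled on portsentry's syslog `attackalert` entries; the sample lines are constructed, and the function names and thresholds are hypothetical.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed line shape, modelled on portsentry's syslog "attackalert" entries.
ALERT = re.compile(
    r"attackalert: .*?from host: \S+?/(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"to (?P<proto>TCP|UDP) port: (?P<port>\d+)"
)

# Constructed sample log; all addresses come from documentation ranges.
SAMPLE_LOG = """\
Apr 10 09:12:01 host portsentry[412]: attackalert: Connect from host: 192.0.2.15/192.0.2.15 to TCP port: 21
Apr 10 09:12:03 host portsentry[412]: attackalert: Connect from host: 192.0.2.15/192.0.2.15 to TCP port: 22
Apr 10 09:30:40 host portsentry[412]: attackalert: SYN/Normal scan from host: scanner.example/198.51.100.7 to TCP port: 111
Apr 10 09:31:02 host portsentry[412]: attackalert: UDP scan from host: 198.51.100.9/198.51.100.9 to UDP port: 161
Apr 10 09:35:00 host portsentry[412]: adminalert: PortSentry is now active and listening.
Apr 10 10:02:11 host portsentry[412]: attackalert: Connect from host: 203.0.113.4/203.0.113.4 to TCP port: 23
"""

def summarize(log_text):
    """Map each source IP to the sorted (proto, port) pairs it probed."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = ALERT.search(line)
        if not m:
            continue  # not an attack alert (e.g. adminalert lines)
        try:
            ip = ip_address(m["ip"])
        except ValueError:
            continue  # digits matched but not a valid IPv4 address
        seen[str(ip)].add((m["proto"], int(m["port"])))
    return {ip: sorted(ports) for ip, ports in seen.items()}

def block_candidates(summary, min_ports=2, min_hosts=2):
    """Return (hosts, ranges) to review for a permanent firewall block.

    hosts:  addresses that probed at least min_ports distinct ports.
    ranges: /24 networks containing at least min_hosts distinct sources.
    """
    hosts = sorted(ip for ip, ports in summary.items() if len(ports) >= min_ports)
    per_net = defaultdict(set)
    for ip in summary:
        per_net[ip_network(f"{ip}/24", strict=False)].add(ip)
    ranges = sorted(str(net) for net, ips in per_net.items() if len(ips) >= min_hosts)
    return hosts, ranges

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ip, ports in sorted(report.items()):
        print(ip, ports)
    print(block_candidates(report))
```
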
