[Rainer Weikusat - Tue, 23 Jan 2001 09:41:57 AM CST]
> David Duffey <[EMAIL PROTECTED]> writes:
> > I highly suggest portsentry and logcheck,
>
> Avoid portsentry. It's literally useless.

You could list reasons why it's useless. For me, I usually run it in stealth mode (no, I'm not afraid of the spoof attack; that's what turning on spoof detection in the kernel is for), and it's served me rather well for the past year. Stopping attackers after 'finger' is damned useful (mind you, if you didn't read the documentation and didn't turn on one of the KILL options, it obviously won't work).

> > if none of your services are showing connections then it's probably
> > traffic from port scans.
>
> It's probably something (and that something is, given a reasonably
> configured machine, probably of absolutely no real concern to you).

Port scans aren't always port scans. Sometimes they're direct attempts to attack (for instance, through portmap or ftp), in which case you damn well will do a 'whois' on the IP address and report to the sysadmin listed in the output.

-- 
An Thi-Nguyen Le
|I guess it was all a DREAM ... or an episode of HAWAII FIVE-O ...

