Jacob Meuser wrote: >Is the idea behind portsentry to ba a "fly catcher" (I can think >of any other reason to fake services), an if so, how would listening >on 127.0.0.1 achieve this? > Yes, I think that's a decent description. The opening of otherwise-unused ports definately seems like bait to me; I think the idea is to try to befuddle those who are trying to get a system OS signature from a portscan. As far as local loopback use goes, I don't see any different results when I nmap myself with 127.0.0.1 OR my LAN address, whether portsentry is running or not. It would indeed make sense to me to see less from the LAN address but that doesn't seem to be the case. Odd, yea? I feel like I'm missing out on something here, hum... Clarification: portsentry makes the system appear to be running services it's not, from the outside world -- not just from localhost's loopback of 127.0.0.1...
Ben
