Kahli R. Burke wrote:
> It looks like portsentry just binds to all interfaces instead of being
> selective and only binding to a specific interface like a publicly
> connected ethernet card. So, it doesn't really care whether it's
> coming from the loopback device or eth0 or whatever. This might be a
> nice configuration option to request if anyone is using this tool.
> The article Ben linked to certainly had a pretty negative tone about
> this program, I wonder if other people are finding it useful...
>
> Kahli

It's done well enough to get included in a number of standard distros like RedHat -- most of the info I found on it was very positive. I agree in that it helps to bring "more advanced" network security tools to common users. However, for anyone really having a handle on network security OR trying to (!), I think it does impede understanding. Using straightforward tools like snort and/or tcpdump, in conjunction with system logs (syslogd and hopefully klogd too), might be more overwhelming but offers a true view of what's happening.

I'm looking for a good database-driven network intrusion detection system now, where all those sorts of infos, alerts, scans, odd requests, etc., get logged to a central DB for analysis.

Benagain
