On Wed, Jan 16, 2002 at 05:41:41PM -0800, Kahli R. Burke wrote:
> >
> >Is the idea behind portsentry to be a "fly catcher" (I can think 
> >of any other reason to fake services), and if so, how would listening 
> >on 127.0.0.1 achieve this?
(I should proofread before I send :(
> >
> It looks like portsentry just binds to all interfaces instead of being 
> selective and only binding to a specific interface like a publicly 
> connected ethernet card.  So, it doesn't really care whether it's coming 
> from the loopback device or eth0 or whatever.  This might be a nice 
> configuration option to request if anyone is using this tool.  The 
> article Ben linked to certainly had a pretty negative tone about this 
> program, I wonder if other people are finding it useful...

It would seem to me to not be wise to trust something (assuming that
thing is supposed to bring some kind of security) that binds to
interfaces just to look busy, especially if it can't control what
address it's listening on.

This would also make writing filtering rules difficult, or, well, make 
portsentry useless, wouldn't it?  Why let packets in just to go to
a honey pot?

Maybe I don't understand the point of portsentry. 

--
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
