On Wed, Jan 16, 2002 at 05:38:36PM -0800, Ben Barrett wrote:
> I think the idea is to try to befuddle
> those who
> are trying to get a system OS signature from a portscan.
# normalize (defragment, sanity-check) everything arriving on the external interface
scrub in on $ext_if all
# drop and log inbound TCP with FIN, URG and PSH all set (other flags ignored);
# normal sessions never send that combination, "quick" ends rule evaluation
block in log quick on $ext_if inet proto tcp from any to any flags FUP/FUP
# outbound TCP from our own addresses creates state; "modulate state" also
# rewrites initial sequence numbers so the stack's own ISN pattern is not exposed
pass out on $ext_if inet proto tcp from { $my_ip(s) } to any modulate state
Does a pretty good job.
> As far as
> local loopback
> use goes, I don't see any different results when I nmap myself with
> 127.0.0.1 OR
> my LAN address, whether portsentry is running or not. It would indeed make
> sense to me to see less from the LAN address but that doesn't seem to be
> the case.
> Odd, yea? I feel like I'm missing out on something here, hum...
> Clarification: portsentry makes the system appear to be running
> services it's not,
> from the outside world -- not just from localhost's loopback of 127.0.0.1...
If that's the point, then why even listen on 127.0.0.1? IMO, that's
a sign of lazy or clueless coding, and I don't trust lazy or clueless
coders (except myself :).
--
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
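The `flags FUP/FUP` rule in the pf snippet above is the part people most often misread: pf's `flags X/Y` means "of the flags listed in Y, exactly those in X must be set, and every flag outside Y is ignored". The following is an added example, written for this reply and not code from either poster: it pulls the flags byte out of a raw TCP header, evaluates a pf-style flag spec against it, and walks a small ordered ruleset with `quick` and last-match semantics. The header builder and the ruleset are constructed for the demonstration; the function and variable names are my own.

```python
import struct

# pf flag letters mapped to the bits of TCP header byte 13 (RFC 793 layout)
PF_FLAG_BITS = {
    "F": 0x01,  # FIN
    "S": 0x02,  # SYN
    "R": 0x04,  # RST
    "P": 0x08,  # PSH
    "A": 0x10,  # ACK
    "U": 0x20,  # URG
    "E": 0x40,  # ECE
    "W": 0x80,  # CWR
}


def parse_flag_spec(spec):
    """Turn a pf 'flags X/Y' spec into (required_bits, mask_bits).

    'any' matches every packet (mask 0). For 'X/Y', the flags in Y are
    examined and exactly those in X must be set; flags outside Y are ignored.
    """
    if spec == "any":
        return 0, 0
    want_letters, mask_letters = spec.split("/")
    want = sum(PF_FLAG_BITS[c] for c in want_letters)
    mask = sum(PF_FLAG_BITS[c] for c in mask_letters)
    if want & ~mask:
        raise ValueError("flags in X must also appear in the mask Y: %s" % spec)
    return want, mask


def flags_match(tcp_flags, spec):
    """True when the packet's flags byte satisfies the pf spec."""
    want, mask = parse_flag_spec(spec)
    return (tcp_flags & mask) == want


def tcp_flags_from_header(tcp_header):
    """Extract the flags byte from a raw (>= 20 byte) TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    return tcp_header[13]


def build_tcp_header(sport, dport, flags):
    """Constructed minimal TCP header for testing: seq/ack 0, data offset 5,
    window 1024, checksum and urgent pointer 0, the given flags."""
    offset_and_flags = (5 << 12) | (flags & 0xFF)
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, offset_and_flags, 1024, 0, 0)


# Constructed ruleset mirroring only the flag-matching side of the posted rules:
# (action, flag spec, quick). pf evaluates top to bottom, the last matching rule
# wins unless a matching rule is marked quick, and the default is pass.
RULES = [
    ("block", "FUP/FUP", True),
    ("pass", "any", False),
]


def decide(tcp_header, rules=RULES):
    """Return 'block' or 'pass' for a raw TCP header under the ruleset."""
    flags = tcp_flags_from_header(tcp_header)
    decision = "pass"
    for action, spec, quick in rules:
        if flags_match(flags, spec):
            decision = action
            if quick:
                break
    return decision


if __name__ == "__main__":
    xmas = build_tcp_header(40000, 22, PF_FLAG_BITS["F"] | PF_FLAG_BITS["U"] | PF_FLAG_BITS["P"])
    syn = build_tcp_header(40000, 22, PF_FLAG_BITS["S"])
    print("FIN+URG+PSH probe:", decide(xmas))  # block
    print("ordinary SYN:", decide(syn))        # pass
```

Note that a packet carrying FIN, URG, PSH and ACK together is still blocked, because ACK is outside the mask and therefore ignored, while a FIN+PSH packet passes because URG, which is inside the mask, is clear. Reversing the spec to `F/FUP` would instead match only packets with FIN set and URG and PSH clear.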