On Thu, Jan 17, 2002 at 09:48:08AM -0800, Christopher Maujean wrote:
> Portsentry is about setting up claymores on trip lines at all entrances
> to your camp that you don't want to have to post an actual guard at.

The reasoning in war is that soldiers are too expensive. What's expensive about packet filtering, tcpwrappers, and only listening on addresses/ports that absolutely need to be listened to?

> Has anyone read the documentation? There seem to be a lot of uninformed
> assumptions being thrown about.

|From README.install:
|
|The purpose of this is to give an admin a heads up that their host is
|being probed. There are similar programs that do this already (klaxon,
|etc.) We have added a little twist to the whole idea (auto-blocking), plus
|extensive support for stealth scan detection.

OK, so you're running stuff that may be exploitable, and you want to know when the script kiddies come around so you can supervise their activities? You could do this by monitoring log growth rates. You can get really fine grained without interrupting normal activity with tcpdump. You can read the "attack of the week" documentation and dump only packets fitting the patterns of those attacks.

> This thread is a good example of where most distros go wrong, they
> assume that they know which services and how you want/should set them up
> and do it for you on install. I've about had it with distributions. They
> are starting to feel quite a bit like installing windoze. You should
> have to go _enable_ services you want, not disable services you don't.
> I'm starting to agree with Justin.

I'll have homemade CDs of OpenBSD 3.0-stable (as of 2002-01-16) and OpenBSD 3.0-current (as of 2002-01-15) at tonight's meeting, but I prolly won't be there 'til 7 or so. Homemade means I compiled all the binaries, so ... source for base and XFree86 4.1.0 and the ports tree included! (Including some extra ports that are not a part of the OpenBSD ports tree.)

--
<[EMAIL PROTECTED]>
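
The log growth rate monitoring suggested in the reply above, sketched as an added example that is not part of the original message or of any tool named in it. The function names, thresholds, polling interval and sample sizes are all assumptions made for illustration.

```python
"""Flag bursts in log growth from periodic (timestamp, size) samples.

Added illustration; names, thresholds and sample data are assumptions.
"""

def growth_rates(samples):
    """Return [(timestamp, bytes_per_second)] for consecutive sample pairs.

    A shrinking size means the log was rotated or truncated, so the new
    size is used as a lower bound on bytes written since the last sample.
    """
    rates = []
    for (t0, s0), (t1, s1) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt <= 0:
            continue  # clock step or duplicate sample: skip it
        written = s1 - s0 if s1 >= s0 else s1
        rates.append((t1, written / dt))
    return rates

def find_bursts(samples, factor=5.0, alpha=0.2, floor=1.0, warmup=3):
    """Return [(timestamp, rate, baseline)] where rate > factor * baseline.

    The baseline is an exponentially weighted moving average of earlier
    rates. Burst intervals are not folded into it, so a long probe does
    not become the new normal; `floor` keeps a nearly idle log from
    alerting on a single line.
    """
    bursts, baseline, seen = [], None, 0
    for ts, rate in growth_rates(samples):
        if baseline is None:
            baseline, seen = rate, 1
            continue
        if seen >= warmup and rate > factor * max(baseline, floor):
            bursts.append((ts, rate, baseline))
            continue
        baseline = alpha * rate + (1 - alpha) * baseline
        seen += 1
    return bursts

# Constructed samples: size in bytes of a log polled every 60 s, with a
# burst at t=300 followed by a rotation at t=360.
SAMPLES = [(0, 10_000), (60, 10_600), (120, 11_200), (180, 11_800),
           (240, 12_400), (300, 48_400), (360, 600), (420, 1_200)]

if __name__ == "__main__":
    for ts, rate, base in find_bursts(SAMPLES):
        print(f"t={ts}s rate={rate:.1f} B/s baseline={base:.1f} B/s")
```

In practice the samples would come from polling the file size (for example with `os.stat`) on a timer; the rotation case matters because a size drop would otherwise produce a negative rate.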
