On 1/17/02 2:45 PM, "Jacob Meuser" <[EMAIL PROTECTED]> wrote:
> On Thu, Jan 17, 2002 at 09:48:08AM -0800, Christopher Maujean wrote:
>> Portsentry is about setting up claymores on trip lines at all entrances
>> to your camp that you don't want to have to post an actual guard at.
>
> The reasoning in war is that soldiers are too expensive. What's
> expensive about packet filtering, tcpwrappers, and only listening
> on addresses/ports that absolutely need to be listened to?

Port Sentry also allows you to blackhole route stuff, or deny all for a host dynamically, based upon the triggers you configure for it. It's more of a rudimentary Intrusion Detection System.

The thing that scares me about Port Sentry is that it opens your system up to more exploits, and also has the possibility of allowing exploits against the TCP/IP stack.

Seems like it would just be more sane to strip everything down, tighten access controls, and ensure your software is up-to-date. Or at the least, use some external IDS solution like Snort on the same network.

Jacob S.
