paul,

absolutely agree. what i like about portsentry is that it's
configurable. i would never configure a server with portsentry in this
fashion. nevertheless, it's a reasonable configuration for a
workstation. by default, portsentry doesn't do anything other than log
the port scan, but there are lots of other options.

options are good.

todd

On Sun, 4 Jun 2000, Paul D. Robertson wrote:
> Date: Sun, 4 Jun 2000 22:38:23 -0400 (EDT)
> From: Paul D. Robertson <[EMAIL PROTECTED]>
> To: Todd <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: Re: OS response to probes
>
> On Sun, 4 Jun 2000, Todd wrote:
>
> > detects a probe (i have it configured to add a rule to ipchains to deny
> > packets from that sender, but the response is configurable).
>
> It's been discussed here at length before, but it's worth repeating...
>
> Denying packets based on scans can leave you open to Denial of Service
> attacks, especially for packets forged from DNS boxes, common electronic
> mail gateways, etc.
>
> Paul
> -----------------------------------------------------------------------------
> Paul D. Robertson "My statements in this message are personal opinions
> [EMAIL PROTECTED] which may have no basis whatsoever in fact."
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
=========================================================
Todd Underwood, [EMAIL PROTECTED]
criticaltv.com criticalfashion.com
news, analysis and criticism. about tv. about fashion.
and other stuff.
=========================================================
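
Added example, not part of the original thread and not portsentry's own code: a sketch of the response decision discussed above, where a scan detector only auto-blocks sources that are not on a protected list, so probes forged from a DNS server or mail gateway cannot make the host cut itself off from them. The addresses, the threshold and the function name are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data using documentation address ranges (assumptions).
PROTECTED = ["192.0.2.53/32", "198.51.100.0/28"]  # DNS resolver, mail gateways
EVENTS = [  # (source address, probed port) as a scan detector might log them
    ("203.0.113.7", 23),
    ("192.0.2.53", 111),    # claims to come from our resolver: possibly forged
    ("198.51.100.5", 143),  # claims to come from a mail gateway
    ("203.0.113.7", 79),
]


def plan_responses(events, protected, threshold=2):
    """Map each source to 'log', 'block' or 'log-protected'.

    A source is blocked only after probing `threshold` distinct ports, and
    never when it falls inside a protected network: a source address can be
    forged, so blocking those hosts would deny service to ourselves.
    """
    nets = [ipaddress.ip_network(n) for n in protected]
    ports_seen = {}
    actions = {}
    for src, port in events:
        addr = ipaddress.ip_address(src)
        ports_seen.setdefault(src, set()).add(port)
        if any(addr in net for net in nets):
            actions[src] = "log-protected"
        elif len(ports_seen[src]) >= threshold:
            actions[src] = "block"
        else:
            actions[src] = "log"
    return actions


if __name__ == "__main__":
    for source, action in plan_responses(EVENTS, PROTECTED).items():
        print(source, action)
```

With an empty protected list and a threshold of 1, the same events mark the resolver address for blocking, which is the failure mode described in the quoted message.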