At 11:58 AM 12/8/99 -0500, Steve wrote:
>I have Ipchains set up to DENY all 10.0.0.0, 127.0.0.0, 192.168.0.0,
>172.16.0.0
>and my external eth1 as standard then allowing only what I need from the
>outside and MASQ all internal packets forwarded to my external card. I think
>that is what I need. Portsentry is more of an insurance policy in case I do
>something stupid w/ Ipchains I have a secondary line of defence.
In order to have it be a backup to your firewall, you need to engage its
dangerous bits. That means the mode where it drops route if it detects an
attacker. You also need a dead IP to send the packets to... I don't know
if that will be a problem for you.
I would probably install it. But you might consider not having a second
line of defense like this. First, if your firewall works, what use will
portsentry be? It will log a bunch of scans that really just muddy your
logs. And if your firewall doesn't work, do you really trust portsentry to
be the backup? It may be better to concentrate on getting the firewall
right with the pressure that you don't have a "back up". Maybe.
---
Alan D. Mead / Research Scientist / [EMAIL PROTECTED]
Institute for Personality and Ability Testing
1801 Woodfield Dr / Savoy IL 61874 USA
217-352-4739 (v) / 217-352-9674 (f)