Jacob Meuser wrote: >On Wed, Jan 16, 2002 at 01:42:14PM -0800, Ben Barrett wrote: > >>[root@benBox /etc]# telnet localhost 6667 >>Trying 127.0.0.1... >>Connected to localhost (127.0.0.1). >>Escape character is '^]'. >>Connection closed by foreign host. >> > >>portsentry actually binds to >>the list of ports in /etc/portsentry/portsentry.conf >>so that resulting scans make the system appear generic and running lots >>of services! >> > >Is the idea behind portsentry to ba a "fly catcher" (I can think >of any other reason to fake services), an if so, how would listening >on 127.0.0.1 achieve this? > It looks like portsentry just binds to all interfaces instead of being selective and only binding to a specific interface like a publically connected ethernet card. So, it doesn't really care whether it's coming from the loopback device or eth0 or whatever. This might be a nice configuration option to request if anyone is using this tool. The article Ben linked to certainly had a pretty negative tone about this program, I wonder if other people are finding it useful...'
Kahli