Ok Loossee. Splain it to me. The part I don't get is: How does portsentry
see any packets at all if my basic policy is DENY? I.e., the firewall (in
this case done with ipchains via pmfirewall) soaks up all packets and
silently discards them. So how does portsentry ever get to think that
*anything* is ever trying to probe me?
--
-Time flies like the wind. Fruit flies like a banana. Stranger things have -
-happened but none stranger than this. Does your driver's license say Organ
-Donor?Black holes are where God divided by zero. Listen to me! We are all-
-individuals! What if this weren't a hypothetical question? [EMAIL PROTECTED]
On Sun, 22 Jul 2001, ABrady wrote:
=>On Sun, 22 Jul 2001 16:34:59 -0400 (EDT) "Steven W. Orr"
=><[EMAIL PROTECTED]> imparted to us:
=>
=>> Does portsentry work in conjunction *with* your firewall or is it
=>> intended
=>> to work *instead* of your firewall?
=>>
=>> I'm trying to figure out if I should run both or not.
=>>
=>> TIA
=>
=>With. Security should be done in layers: prevention, monitoring,
=>corrective action, recovery, etc. Portsentry would fall in between
=>prevention and monitoring. I personally use iptables (setup with
=>Bastille), portsentry, snort, lids (if I can ever get the effin' kernel
=>to compile and work) and watch 4 logs contstantly.
=>
=>
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
