This is true but you can tell PortSentry what IPs to always ignore... so you would probably want to put in your DNS servers, mail servers, etc...

thanks,

On Fri, 9 Nov 2001, Dustin Puryear wrote:

> Well, PortSentry will alert you via syslog of its action, so you can view
> the operation as the software immediately reacting and then letting you take
> appropriate steps for a long-term solution. You can turn this feature off if
> desired, and in fact, I usually do.
>
> One big issue is that it would be easy to spoof someone else's IP address in
> order to cause the server to block that person from accessing the machine. A
> very good DOS attack. (Imagine if the server in question was a DNS server.
> Remember, PortSentry may also create a black hole route for that host rather
> than just using tcp_wrappers.)
>
> Regards, Dustin
>
> > -----Original Message-----
> > From: Karel Jennings [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, November 08, 2001 1:38 PM
> > To: [EMAIL PROTECTED]
> > Subject: portsentry etc
> >
> > Hello, I was recently working on a remote server, playing with mysql.
> > Anyway. I wanted to see what ports were open, and nmaped the box.:) The
> > machine had portsentry running, and it dropped my connection *AND* put my ip
> > in the hosts.deny. Isn't this a little bit harsh? Or is it good practise? My
> > IDS at home bans for a couple days, but not infinitely. That got me
> > thinking.. what is the better practise?
> >
> > As a side note, I have my firewall/router blocking pings. That seems to have
> > reduced the triggering of the IDS.. is this just following the premise that the
> > scriptkiddies won't touch what they can't see?
> >
> > Ciao!
> >
> > Karel
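The ignore-list mitigation from the top reply, as an added example that is not part of the original thread: a small audit that reports which critical hosts (DNS, mail) are not covered by the ignore list and which are already sitting in hosts.deny. It assumes an ignore file with one address or address/bits per line and block entries of the form `ALL: <ip>`; all host names and addresses are constructed.

```python
import ipaddress

def parse_ignore(text):
    """Parse ignore-list content: one address or address/bits per line, '#' comments."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def parse_hosts_deny(text):
    """Collect addresses from 'ALL: <ip>' lines (assumed form of the automatic blocks)."""
    blocked = set()
    for line in text.splitlines():
        daemon, sep, client = line.split("#", 1)[0].partition(":")
        if sep and daemon.strip().upper() == "ALL":
            try:
                blocked.add(ipaddress.ip_address(client.strip()))
            except ValueError:
                pass  # hostnames, wildcards and patterns are out of scope here
    return blocked

def audit(critical, ignore_text, deny_text):
    """Return (hosts missing from the ignore list, hosts currently blocked)."""
    nets = parse_ignore(ignore_text)
    blocked = parse_hosts_deny(deny_text)
    unprotected, already_blocked = [], []
    for name, addr in sorted(critical.items()):
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in nets):
            unprotected.append(name)   # a spoofed scan could get this host blocked
        if ip in blocked:
            already_blocked.append(name)
    return unprotected, already_blocked

# Constructed sample data (documentation address ranges, hypothetical host names).
SAMPLE_CRITICAL = {"dns1": "192.0.2.10", "dns2": "198.51.100.53", "mail": "203.0.113.25"}
SAMPLE_IGNORE = "# always ignore\n127.0.0.1/32\n192.0.2.0/28   # internal DNS range\n"
SAMPLE_DENY = "ALL: 203.0.113.25\nALL: 198.51.100.77\nsshd: 192.0.2.200\n"

if __name__ == "__main__":
    missing, blocked_now = audit(SAMPLE_CRITICAL, SAMPLE_IGNORE, SAMPLE_DENY)
    print("not in ignore list:", missing)
    print("currently blocked:", blocked_now)
```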
