On Fri, Nov 09, 2001 at 09:26:44AM -0600, Dustin Puryear wrote:
> One big issue is that it would be easy to spoof someone else's IP address in
> order to cause the server to block that person from accessing the machine. A
> very good DOS attack. (Imagine if the server in question was a DNS server.
> Remember, PortSentry may also create a black hole route for that host rather
> than just using tcp_wrappers.)

Which is why PortSentry's automated responses to probes are no substitute for watching what happens to your box. In order to use it correctly you need to *investigate* each and every such event on your box to see what's really happening. PortSentry is still primarily a monitoring tool, and unless someone watches its output, it's useless.

-- 
Rafael R. Sevilla <[EMAIL PROTECTED]> +63(2) 8177746 ext. 8311
Programmer, Inter.Net Philippines +63(917) 4458925
http://dido.engr.internet.org.ph/ OpenPGP Key ID: 0x5CDA17D8
