Thanks Jasper, very good points!

-----Original Message-----
From: Jasper Jans [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 31, 2000 12:53 AM
To: [EMAIL PROTECTED]
Subject: Re: Portsentry vs ipchains firewalling

| Do I understand correctly, that the ipchains script from
| (http://ipchains.nerdherd.org/) does exactly the same thing as Portsentry
| does, except the ipchains script does the redirection/denial "up front"
| where the Portsentry s/w does the redirection/denial "in real time" ?

A static ipchains script will never be able to do the same as portsentry,
although the way both handle the blocking of incoming traffic might be
the same.

If u know up front that u don't want to allow certain kinds of traffic
(I only allow www and ftp/ssh from specific sites into my machines)
or that u know of certain sites u most definitely don't want to have
access to your machine, put those in a static ipchains script.

If you get "attacked" by a site, portsentry will block all traffic from
that site. Attacked here can range from a real attack to a simple
port scan.. and based on what is in your ipchains script already
a portscan will or will not bother you.

| Is this correct, or have I missed something ?  It would seem though the
| Portsentry s/w is more robust than is the ipchains script.

Since both use the same principle - denying packets on a kernel level -
both are equally robust (the wrapper ability in portsentry is rather useless
imho if u also use ipchains to block traffic).
One is just always in place (the script) and the other one protects you
from the lil pests that grow on the internet.
One is to be safe.. the other is to prevent you from having to be sorry.
:P

(all of this is of course my opinion of things ;)

J.
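
A simplified model of the static-versus-reactive distinction discussed above, added as an example and not part of the original message or of either tool. The rule sets, the trap ports and the RFC 5737 addresses are constructed, and the detector is reduced to the assumption that any connection reaching a watched, unused port gets its source blocked.

```python
from ipaddress import ip_address, ip_network

# Constructed static policy: first match wins, anything unmatched is denied.
# Mirrors the post: www for everyone, ssh only from one trusted site.
STRICT = [("198.51.100.0/24", 22, "ACCEPT"), ("0.0.0.0/0", 80, "ACCEPT")]
TRAPS = {23, 111}  # unused ports the reactive detector listens on (assumed)
# Same policy, but the trap ports are left reachable so the detector sees probes.
WITH_TRAPS = STRICT + [("0.0.0.0/0", p, "ACCEPT") for p in sorted(TRAPS)]


class Host:
    def __init__(self, static_rules, trap_ports=TRAPS):
        self.static_rules = static_rules
        self.trap_ports = set(trap_ports)
        self.blocked = set()  # sources denied at run time by the detector

    def static_verdict(self, src, port):
        for net, rule_port, action in self.static_rules:
            if port == rule_port and ip_address(src) in ip_network(net):
                return action
        return "DENY"

    def receive(self, src, port):
        """Verdict for one connection attempt from src to port."""
        if src in self.blocked:  # reactive deny is checked before static rules
            return "DENY"
        verdict = self.static_verdict(src, port)
        if verdict == "ACCEPT" and port in self.trap_ports:
            self.blocked.add(src)  # probe reached a trap: block the source
            return "TRAPPED"
        return verdict


def sweep(host, src, ports):
    """Replay a sequence of connection attempts and collect the verdicts."""
    return [host.receive(src, p) for p in ports]


if __name__ == "__main__":
    scanner, trusted = "203.0.113.9", "198.51.100.7"
    for name, rules in (("static only", STRICT), ("static + traps", WITH_TRAPS)):
        host = Host(rules)
        print(name, sweep(host, scanner, [23, 80, 111]),
              "trusted ssh:", host.receive(trusted, 22))
```

With the strict static policy the sweep never reaches a watched port, so the scanning source is not blocked and can still reach www; with the trap ports reachable, the first probe costs that source all further access while the trusted site keeps ssh.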



