On 8 Mar 2001, Dominic Mitchell wrote:
>
> I have question related to portsentry. Doing
> /usr/sbin/lsof -i -n -P shows that many ports are not used
> but they are listened to by portsentry. How useful is it in terms
> of security? Pardon my lack of knowledge in security issues, I am
> trying to understand ...
>
Well, having portsentry listening on ports where you do not have
services running alearts you to people that are scanning systems. If
you do not have services running on these ports, and people are trying
to connect, it give you an indication of trouble. If you get someone
trying to connect to several ports for services you do not offer to the
Internet, chances are you have someone trying to break in. This is
especialy true if they are trying ports that are not normaly open to the
Internet. Things like proxy ports, and lpd, that are normaly only used
by people on the local network. I can think of no valid reasion for me
to try and use a machine on your network for a proxy server, or to try
and spool a print job to one of your printers.
Another example - there is no reasion for someone to try and connect to
port 53 on my network - the name servers for my network are on my ISPs
servers. (I do run a name server for the local network, but that is not
accessable from the Internet...)
>
> I must admit that adding filters in the router does not ring any
> bell...Security issues are my main concern for now. I will learn.
>
>
> Thanks.
>
> Dominic.
>
>
Mikkel
--
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
