Thanks for the info, Jason. I once ran portsentry and ipchains when I was a very new newbie. Now I'm only a newbie. But at that time I never understood how it worked.

 Jason Costomiris <[EMAIL PROTECTED]> wrote:

On Fri, Oct 18, 2002 at 12:12:33PM +0200, Thomas Ribbrock wrote:
: Further, I've been thinking about portsentry. What's the use of it?

You're not the only one who wonders this.

: If you
: have a firewall set up that's only allowing access to specifically defined
: ports from the outside on which you have services running (no need to have
: any other ports open), portsentry would never see a thing, right?

True. IMO, portsentry does nothing that a reasonable firewall and NIDS
configuration does, except automatically blackhole people. One can achieve
that functionality through snort, built with flexresp. So again, nothing
that can't be done with a reasonable firewall and NIDS config.

: I for example have my firewall set up that way: Everything's blocked except
: a few defined ports on which I have services running (e.g. port 80, as I
: have a web server running[0]. Connections initiated from the inside are no
: problem, as the firewall is stateful (I'm using pf on OpenBSD - can iptables
: do this as well? ipchains couldn't, AFAIR), so am I right in assuming that
: portsentry wouldn't buy me anything?

You're correct, iptables is also stateful. Using portsentry *might* have
some value if you run ipchains and no NIDS, but that's about the only
circumstance where I think it's terribly useful. Such programs often
hamper administrators. It's awfully easy to shoot yourself in the foot,
blocking YOURSELF from accessing your own system.

--
Jason Costomiris <>< | Technologist, geek, human.
jcostom {at} jasons {dot} org | http://www.jasons.org/
Quidquid latine dictum sit, altum viditur.
My account, My opinions.





http://home.no.net/~knutove/knut_ove_hauge_kuren.htm
