On Mon, 2 Feb 2004 18:28:31 -0800 (PST), Alvin Oga wrote: >On Mon, 2 Feb 2004, Johannes Graumann wrote: > >> > > Checking 'bindshell'... INFECTED [PORTS: 1524 31337] >> At this point I believe to be able to attribute this to portsentry >> running - '/etc/init.d/portsentry stop' makes it go away, > >odd that portsentry does that... oh welll ...
Um, no - I believe that's not odd at all - because Port Sentry's method is to listen on every conceivable port so that it can detect inbound connection attempts. NB: this is just hearsay - I've never actually used Port Sentry, due to reports about this very problem. In fact, IIUC you also need to have all those ports unfirewalled so that Port Sentry can do its stuff. Quite a few people think this is a Very Bad Thing ... and that's been good enough for me. [And then there's Port Sentry's "attack-response" feature, which can apparently leave you deaf dumb & blind if someone sends you spoofed packets. I _think_ the current wisdom is that Port Sentry is an all round Bad Idea, but maybe it's just a religious thing ..] Somebody please tell me if I'm wrong here. Nick Boyce Bristol, UK -- I tried to patent patent barratry as a business model, but there was too much prior art. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
