On Mon, 30 Sep 2002, Michael Renzmann wrote:
> Hi.
>
> Zeno Davatz wrote:
> > I am just gonna deinstall portsentry - why did I install it in the first
> > place???
>
> In order to get informed in cases when there are (more or less) obvious
> port scans? :)

i say scan the ports all you like .... you can detect the scan
or LOG everything ... and figure out which tripped your IDS from the logs

port scanners and detectors
	http://www.Linux-Sec.net/Scanner/

- if you let the port scanner send you pages,... i know one company
  that got a $30,000/day pager bill - for pointless phone calls ...

- i know others, that if they get nmap'd ( port scanned ), they
  simply and automatically put that ip# number(s) into their
  firewall reject list

- if you let tripwire send you emails that the system been hacked,
  you're too late... you've been hacked... game over ...

	but i wanna be able to say....wishfully... if you attempt
	any real illegal connections, that you're caught ...
	within a few minutes... and off we go to lawyers ...

- script kiddies only need a minute or two to gain complete access
  to your server and hide everything with the automated scripts

but, all is easier said than done.. and you'll find 80% of your
hacker attacks are simply and luckily internal users doing stuff
they weren't supposed to be

-- script kiddies will get in ... sooner or later... all you can do
   is minimize the damage they can do ..
	- don't use the same root passwd, always require passwds,
	- use umountable media for backups...
	... blah blah ..

c ya
alvin
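
The following is an added example, not part of the original message or of any tool it mentions: a Python sketch of working out who scanned you from the logs, which reports each scanning source once (one summary entry rather than a page per probe) as a candidate for a reject list. The iptables-style log lines, the thresholds, the allowlist parameter and the `find_scanners` name are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in iptables LOG style (documentation address ranges).
SAMPLE_LOG = """\
Sep 30 10:00:01 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40001 DPT=21
Sep 30 10:00:02 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40002 DPT=22
Sep 30 10:00:02 gw kernel: IN=eth0 OUT= SRC=192.0.2.20 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=80
Sep 30 10:00:03 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40003 DPT=23
Sep 30 10:00:04 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40004 DPT=25
Sep 30 10:00:09 gw kernel: IN=eth0 OUT= SRC=192.0.2.20 DST=198.51.100.5 PROTO=TCP SPT=51001 DPT=80
Sep 30 11:00:00 gw kernel: IN=eth0 OUT= SRC=192.0.2.30 DST=198.51.100.5 PROTO=TCP SPT=60001 DPT=21
Sep 30 13:00:00 gw kernel: IN=eth0 OUT= SRC=192.0.2.30 DST=198.51.100.5 PROTO=TCP SPT=60002 DPT=22
Sep 30 15:00:00 gw kernel: IN=eth0 OUT= SRC=192.0.2.30 DST=198.51.100.5 PROTO=TCP SPT=60003 DPT=23
Sep 30 17:00:00 gw kernel: IN=eth0 OUT= SRC=192.0.2.30 DST=198.51.100.5 PROTO=TCP SPT=60004 DPT=25
"""

# Syslog timestamp, then the SRC= and DPT= fields of a TCP packet log entry.
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?SRC=(\S+) .*?PROTO=TCP .*?DPT=(\d+)")

def find_scanners(log_text, min_ports=4, window=timedelta(seconds=60),
                  allowlist=frozenset(), year=2002):
    """Map each source that touched >= min_ports distinct TCP ports within
    `window` to the ports seen. One entry per source, however many probes."""
    hits = defaultdict(list)                      # src -> [(time, port), ...]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) in allowlist:      # never flag your own scanners
            continue
        ts, src, port = m.groups()
        # Syslog omits the year; supply one so timestamps parse unambiguously.
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        hits[src].append((when, int(port)))
    flagged = {}
    for src, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):            # sliding time window
            while events[end][0] - events[start][0] > window:
                start += 1
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) >= min_ports:
                flagged[src] = sorted(ports)
                break
    return flagged

if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_LOG).items():
        print(f"reject candidate {src}: probed ports {ports}")
```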