Mr Cox,
You're assuming someone is targeting you specifically. IME @home computers
are mass scanned and targets are selected based on open ports and then
specifically targeted. Preventing a kiddy from getting your open port list
is kinda like using "The Club" on your car, it just makes them move onto the
next guy. If someone wants your car specifically it doesn't really prevent
them from taking it. (It adds ~10 seconds to the time it takes to steal it,
if that.)
If you're running a public web server, things are different and as I stated in
my first email I wouldn't use PortSentry on it because of DoS issues.
If you don't like to drop route you can always just log the attempts, at
least then you get some warning. (Logging can also be used to find possible
slow scans.)
I'm _not_ advocating going without a good firewall, but if you can monitor
port scan attempts, and stop a lot of script kiddies before they get
started, why not do it?
PortSentry is not the complete solution, only part of one, and it has to be
used correctly and in conjunction with other security measures. (Firewalls,
VPNs, etc.)
PS. Since this is a networking list, any chance you'd care to explain the
20 packets of death that can screw up DNS? Does this imply crashing bind,
or does it do something else? Is there any way a public DNS server can
defend against it, etc.
PPS. What's better: losing your access, or having a kiddy break into your
computer and use it as a launch pad for hack attempts that cause your ISP
to yank your access or worse...
At 04:57 PM 5/10/2000 +0100, you wrote:
> > Hello Alan, OK, Then Why? I really do hate prim answers like
> > this w/o any explanation. Tia, JimL
>
>It's trivial for me to find your DNS servers, 20 faked source packets and
>you are without DNS. A non experienced sysadmin is going to take a very
>long time to figure out where the DNS went.
>
>It also won't detect some of the cleverer slow port scans. So it gives you
>no more security but makes you easier to take out.
>
>You can build tools that generate basic firewalling for most end user setups
>and ask only simple questions. I'm about to release a new version of one
>(gnome-lokkit). [and if you want to port it to kde please do...]
>
>Alan
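
The log-only approach mentioned in the reply, combined with the faked-source concern in the quoted message, as an added example that is not part of the original mail and is not PortSentry code: it counts distinct ports per source over a long window, so a scan spread over hours is still seen, and it reports allowlisted hosts without ever marking them for blocking. The log format, the thresholds, the addresses and the names review and NEVER_BLOCK are assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed sample log: "<epoch seconds> <source IP> <destination port>".
# The format and all addresses (RFC 5737 documentation ranges) are made up.
SAMPLE_LOG = """\
1000 192.0.2.10 23
1005 198.51.100.53 111
4600 192.0.2.10 111
4700 203.0.113.7 80
8200 192.0.2.10 143
8300 198.51.100.53 23
11800 192.0.2.10 6000
11900 198.51.100.53 143
12000 198.51.100.53 6000
90000 203.0.113.7 80
"""

# Hypothetical allowlist: addresses we depend on (e.g. our DNS resolvers).
NEVER_BLOCK = {"198.51.100.53"}

def review(log_text, min_ports=4, window=86400, never_block=NEVER_BLOCK):
    """Return {source: "block" | "alert-only"} for sources that probed at
    least min_ports distinct ports within any window of `window` seconds."""
    hits = defaultdict(list)                    # source -> [(time, port), ...]
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3 or not (fields[0].isdigit() and fields[2].isdigit()):
            continue                            # skip malformed lines
        hits[fields[1]].append((int(fields[0]), int(fields[2])))

    verdicts = {}
    for src, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) >= min_ports:
                # Source addresses can be forged, so an allowlisted host is
                # reported but never fed to an automatic block rule.
                verdicts[src] = "alert-only" if src in never_block else "block"
                break
    return verdicts

if __name__ == "__main__":
    for src, verdict in sorted(review(SAMPLE_LOG).items()):
        print(src, verdict)
```

With window=3600 the same log yields no verdicts at all, since no source touches four ports within any single hour.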