Changed the subject to keep it a bit more general - I still have a few thoughts and questions... :-)

On Fri, Oct 18, 2002 at 10:04:46AM +0100, Nick Lindsell wrote:
> The Tripwire documentation suggests that the database be
> held on a floppy which is then write-protected - should
> prevent a blackhat getting to it.

Ok, so let's say I have the original Tripwire DB on a read-only medium (CD-ROM would work, too, I suppose). But it still only tells me about problems *after* the damage has been done, right? Tripwire does nothing to *prevent* an attack, or am I missing something here? So, the main (only?) use would be to serve as a warning system a la "This system probably has been hacked!", right?

Further, I've been thinking about portsentry. What's the use of it? If you have a firewall set up that's only allowing access to specifically defined ports from the outside on which you have services running (no need to have any other ports open), portsentry would never see a thing, right?

I for example have my firewall set up that way: Everything's blocked except a few defined ports on which I have services running (e.g. port 80, as I have a web server running[0]). Connections initiated from the inside are no problem, as the firewall is stateful (I'm using pf on OpenBSD - can iptables do this as well? ipchains couldn't, AFAIR), so am I right in assuming that portsentry wouldn't buy me anything?

Cheerio,

Thomas

[0] port 443 is closed (I have no need for secure pages at the moment), which was quite interesting to see when Slapper started... I'm *still* getting quite a few hits on 443...
-- 
http://www.netmeister.org/news/learn2quote.html
...'cause only lusers quote signatures!
Thomas Ribbrock | http://www.ribbrock.org | ICQ#: 15839919
"You have to live on the edge of reality - to make your dreams come true!"