Changed the subject to keep it a bit more general - I still have a few
thoughts and questions... :-)


On Fri, Oct 18, 2002 at 10:04:46AM +0100, Nick Lindsell wrote:
> The Tripwire documentation suggests that the database be
> held on a floppy which is then write-protected - should
> prevent a blackhat getting to it.

Ok, so let's say I have the original Tripwire DB on a read-only medium
(CD-ROM would work, too, I suppose). But it still only tells me about
problems *after* the damage has been done, right? Tripwire does nothing to
*prevent* an attack, or am I missing something here? So, the main (only?)
use would be to serve as a warning system a la "This system probably has
been hacked!", right?

Further, I've been thinking about portsentry. What's the use of it? If you
have a firewall set up that's only allowing access to specifically defined
ports from the outside on which you have services running (no need to have
any other ports open), portsentry would never see a thing, right?
I for example have my firewall set up that way: Everything's blocked except
a few defined ports on which I have services running (e.g. port 80, as I
have a web server running[0]). Connections initiated from the inside are no
problem, as the firewall is stateful (I'm using pf on OpenBSD - can iptables
do this as well? ipchains couldn't, AFAIR), so am I right in assuming that
portsentry wouldn't buy me anything?

Cheerio,

Thomas

[0] port 443 is closed (I have no need for secure pages at the moment),
    which was quite interesting to see when Slapper started... I'm *still*
    getting quite a few hits on 443...
-- 
 http://www.netmeister.org/news/learn2quote.html
                                       ...'cause only lusers quote signatures!
     Thomas Ribbrock | http://www.ribbrock.org | ICQ#: 15839919
   "You have to live on the edge of reality - to make your dreams come true!"



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
