On Fri, Oct 18, 2002 at 12:12:33PM +0200, Thomas Ribbrock wrote:
: Further, I've been thinking about portsentry. What's the use of it?

You're not the only one who wonders this.

: If you have a firewall set up that's only allowing access to specifically
: defined ports from the outside on which you have services running (no need
: to have any other ports open), portsentry would never see a thing, right?

True. IMO, portsentry does nothing that a reasonable firewall and NIDS
configuration does, except automatically blackhole people. One can achieve
that functionality through snort, built with flexresp. So again, nothing that
can't be done with a reasonable firewall and NIDS config.

: I for example have my firewall set up that way: Everything's blocked except
: a few defined ports on which I have services running (e.g. port 80, as I
: have a web server running[0]). Connections initiated from the inside are no
: problem, as the firewall is stateful (I'm using pf on OpenBSD - can iptables
: do this as well? ipchains couldn't, AFAIR), so am I right in assuming that
: portsentry wouldn't buy me anything?

You're correct, iptables is also stateful. Using portsentry *might* have some
value if you run ipchains and no NIDS, but that's about the only circumstance
where I think it's terribly useful. Such programs often hamper administrators.
It's awfully easy to shoot yourself in the foot, blocking YOURSELF from
accessing your own system.

-- 
Jason Costomiris <><            | Technologist, geek, human.
jcostom {at} jasons {dot} org   | http://www.jasons.org/
Quidquid latine dictum sit, altum viditur.
My account, My opinions.

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
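The default-deny, stateful setup Thomas describes (everything blocked except port 80, replies to outbound connections allowed back in by state), written out as a pf.conf for reference. This is an added example, not configuration from anyone in the thread; the external interface name fxp0 is an assumption.

```pf
# Added example: minimal pf.conf for a default-deny, stateful host that
# only publishes a web server on port 80.
ext_if = "fxp0"          # assumption: name of the outside interface
tcp_services = "{ 80 }"  # the only inbound services offered

# Drop everything by default and log it, so the probes that portsentry
# would have "seen" still show up in pflog for the NIDS or log review.
block log all

# Loopback traffic is unrestricted.
pass quick on lo0 all

# Discard packets arriving on the outside interface with forged
# source addresses belonging to our own networks.
antispoof quick for $ext_if

# Connections initiated from this host are allowed out; the state entry
# created here is what lets the replies back in, so no extra listening
# ports have to be opened for return traffic.
pass out on $ext_if proto { tcp udp icmp } all keep state

# Only the published services are reachable from outside. flags S/SA
# means a state entry is created on the initial SYN only, so stray
# ACK/FIN/XMAS probes never match a pass rule and fall through to block.
pass in on $ext_if proto tcp from any to $ext_if port $tcp_services flags S/SA keep state
```

Load it with `pfctl -f /etc/pf.conf` and confirm the expected rules with `pfctl -sr`; anything not explicitly passed above is dropped and logged.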