On Fri, Oct 18, 2002 at 12:12:33PM +0200, Thomas Ribbrock wrote:
: Further, I've been thinking about portsentry. What's the use of it?

You're not the only one who wonders this.

: If you
: have a firewall set up that's only allowing access to specifically defined
: ports from the outside on which you have services running (no need to have
: any other ports open), portsentry would never see a thing, right?

True.  IMO, portsentry does nothing that a reasonable firewall and NIDS 
configuration does, except automatically blackhole people.  One can achieve
that functionality through snort, built with flexresp.  So again, nothing 
that can't be done with a reasonable firewall and NIDS config.

: I for example have my firewall set up that way: Everything's blocked except
: a few defined ports on which I have services running (e.g. port 80, as I
: have a web server running[0]. Connections initiated from the inside are no
: problem, as the firewall is stateful (I'm using pf on OpenBSD - can iptables
: do this as well? ipchains couldn't, AFAIR), so am I right in assuming that
: portsentry wouldn't buy me anything?

You're correct, iptables is also stateful.  Using portsentry *might* have
some value if you run ipchains and no NIDS, but that's about the only 
circumstance where I think it's terribly useful.  Such programs often 
hamper administrators.  It's awfully easy to shoot yourself in the foot,
blocking YOURSELF from accessing your own system.

-- 
Jason Costomiris <><           |  Technologist, geek, human.
jcostom {at} jasons {dot} org  |  http://www.jasons.org/ 
          Quidquid latine dictum sit, altum viditur.
                    My account, My opinions.



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
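To make the point of the exchange above concrete, here is a small simulation added by the editor (not code from the thread or from portsentry/pf/iptables): a default-deny stateful filter that admits new inbound connections only on listed service ports and replies to flows the host itself opened. The addresses, ports and packet trace are constructed for illustration.

```python
from collections import namedtuple

# Constructed packet model: direction "in" = arriving from the Internet, "out" = sent by the host.
Packet = namedtuple("Packet", "direction src sport dst dport syn")

HOST = "192.0.2.10"   # the firewalled host (documentation address, constructed)


class StatefulFilter:
    """Default-deny stateful filter in the spirit of the pf/iptables setup discussed
    in the thread: new inbound connections are accepted only on the listed service
    ports, replies to connections the host opened are accepted because the filter
    remembers those flows, and everything else is dropped before any process on
    the host (portsentry included) could observe it."""

    def __init__(self, host_ip, service_ports):
        self.host_ip = host_ip
        self.service_ports = set(service_ports)
        self.flows = set()   # (remote_ip, remote_port, local_port) of outbound connections

    def verdict(self, pkt):
        if pkt.direction == "out":
            self.flows.add((pkt.dst, pkt.dport, pkt.sport))   # remember the flow we opened
            return "pass"
        if (pkt.src, pkt.sport, pkt.dport) in self.flows:
            return "pass"    # ESTABLISHED: reply to a connection we initiated
        if pkt.syn and pkt.dport in self.service_ports:
            return "pass"    # NEW connection to a deliberately exposed service
        return "drop"        # probe of an unexposed port: silently discarded


def run_trace(fw, packets):
    """Apply the filter to packets in order; return (direction, dport, verdict) per packet."""
    return [(p.direction, p.dport, fw.verdict(p)) for p in packets]


def ports_a_host_watcher_sees(fw, packets):
    """Inbound SYNs that get through are the only probes a host-based tool could ever log."""
    seen = []
    for p in packets:
        if fw.verdict(p) == "pass" and p.direction == "in" and p.syn:
            seen.append(p.dport)
    return sorted(seen)


SAMPLE_PACKETS = [  # constructed trace: one outbound HTTPS session, then a three-port scan
    Packet("out", HOST, 40000, "198.51.100.5", 443, True),   # host opens an HTTPS connection
    Packet("in", "198.51.100.5", 443, HOST, 40000, False),   # the reply comes back
    Packet("in", "203.0.113.7", 55555, HOST, 22, True),      # scanner probes ssh
    Packet("in", "203.0.113.7", 55556, HOST, 80, True),      # scanner probes the web server
    Packet("in", "203.0.113.7", 55557, HOST, 3306, True),    # scanner probes mysql
]

if __name__ == "__main__":
    for row in run_trace(StatefulFilter(HOST, [80]), SAMPLE_PACKETS):
        print(row)
    print("host-based watcher could only see:",
          ports_a_host_watcher_sees(StatefulFilter(HOST, [80]), SAMPLE_PACKETS))
```

With only port 80 exposed, the scan of 22 and 3306 never reaches the host, so a host-based port watcher has nothing to react to; the only probe it sees is the one to the service you already meant to expose.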