> >To: Roderick Cummings <[EMAIL PROTECTED]>
> >CC: debian
> >Subject: Re: Port Sentry
> >Date: Sat, 2 Jun 2001 20:51:46 +0530 (IST)
> >
> >On Sat, 2 Jun 2001, Roderick Cummings wrote:
> >
> > > Now when portsentry detects a port scan it blo
From: "Noah L. Meyerhans" <[EMAIL PROTECTED]>
To: Debian User List
Subject: Re: Port Sentry
Date: Sat, 2 Jun 2001 12:50:39 -0400
On Sat, Jun 02, 2001 at 08:51:46PM +0530, Rajkumar S. wrote:
> > Now when portsentry detects a port scan it blocks the ip making the
>
From: "Rajkumar S." <[EMAIL PROTECTED]>
To: Roderick Cummings <[EMAIL PROTECTED]>
CC: debian
Subject: Re: Port Sentry
Date: Sat, 2 Jun 2001 20:51:46 +0530 (IST)
On Sat, 2 Jun 2001, Roderick Cummings wrote:
> Now when portsentry detects a port scan it blocks the ip
hi john
i think it's more the issue of what "users" do after they see
the portscan log messages...
changing fw rules due to portscan logs is like shooting yourself
in the foot if one does not know why you're updating the fw rules
( "i heard someone say update the fw to stop port scans" is not g
hi ya raj
> Is it wise to block an ip just because it did a port scan?
> What if s/he spoofs the ip and puts your ip as source address?
that's exactly what the next level of "script kiddies" does
to get you to block all incoming legit connections
- in this case..block connections from yo
On 2 Jun 2001, John Hasler wrote:
>
> > It is trivial to spoof the source address of a portscan, allowing one to
> > cause your machine to block access from your nameservers or your clients
> > or other important sites.
>
> While certainly no panacea,
> It is trivial to spoof the source address of a portscan, allowing one to
> cause your machine to block access from your nameservers or your clients
> or other important sites.
While certainly no panacea, portsentry isn't that stupid. The authors
thought about this and provided for it.
--
John
On Sat, Jun 02, 2001 at 08:51:46PM +0530, Rajkumar S. wrote:
> > Now when portsentry detects a port scan it blocks the ip making the
> > scan.
>
> Is it wise to block an ip just because it did a port scan?
> What if s/he spoofs the ip and puts your ip as source address?
This is the real problem,
On Sat, 2 Jun 2001, Roderick Cummings wrote:
> Now when portsentry detects a port scan it blocks the ip making the
> scan.
I am not an expert in security, but some doubts.
Is it wise to block an ip just because it did a port scan?
What if s/he spoofs the ip and puts your ip as source address?
r
hi ya roderick
- portsentry is a hostbased detector...
- try using snort for port scan detection
- if you have a client site and your own facilities...
i assume you/they both have firewalls on both ends
- you prevent them from playing around in your lan
- they prevent you fro
I have set up a debian system to act as an intrusion detection system with
portsentry. Now when portsentry detects a port scan it blocks the ip making
the scan. Is there a way to get this information propagated to nearby
routers, etc. It would be interesting to have all traffic to or from the
o
There is a (non-free) package for woody:
dpkg -s portsentry:
Package: portsentry
Status: install ok installed
Priority: optional
Section: non-free/net
Installed-Size: 121
Maintainer: Guido Guenther <[EMAIL PROTECTED]>
Version: 1.0-1.4
Depends: libc6 (>= 2.1.2), netbase, sysklogd, procps, debconf,
Hello Debian Users,
Can anyone tell me if they are using port sentry with potato 2.2 to any success?
I was hoping that there would be a package *.deb for it soon, but it looks like
there is none in the making. Just wondering if this program is difficult to
install.
Thanks,
Debian Ghost.
13 matches