RE: portsentry etc

2001-11-18 Thread leon
See, the problem with portsentry and your IDS doing things like that is this: if I am an attacker and I know you are doing that, I can just spoof port scans from yahoo.com, your DNS server, hotmail.com, blah blah blah, and basically cause a d0s attack. Since I don't really care about the response (

Re: portsentry etc

2001-11-13 Thread Rafael 'Dido' Sevilla
On Fri, Nov 09, 2001 at 09:26:44AM -0600, Dustin Puryear wrote:
> One big issue is that it would be easy to spoof someone else's IP address in
> order to cause the server to block that person from accessing the machine. A
> very good DOS attack. (Imagine if the server in question was a DNS server

RE: portsentry etc

2001-11-12 Thread SecLists
This is true, but you can tell PortSentry what IPs to always ignore... so you would probably want to put in your DNS servers, mail servers, etc... thanks,
On Fri, 9 Nov 2001, Dustin Puryear wrote:
> Well, PortSentry will alert you via syslog of its

Re: portsentry etc

2001-11-10 Thread jaywhy
On 11/8/01 2:37 PM, Karel Jennings at [EMAIL PROTECTED] wrote:
> Hello, I was recently working on a remote server, playing with mysql.
> Anyway. I wanted to see what ports were open, and nmaped the box. :) The
> machine had portsentry running, and it dropped my connection *AND* put my IP
> in the

RE: portsentry etc

2001-11-10 Thread Dustin Puryear
Well, PortSentry will alert you via syslog of its action, so you can view the operation as the software immediately reacting and then letting you take appropriate steps for a long-term solution. You can turn this feature off if desired, and in fact, I usually do. One big issue is that it would b

Re: portsentry etc

2001-11-09 Thread Rafael 'Dido' Sevilla
On Thu, Nov 08, 2001 at 12:37:53PM -0700, Karel Jennings wrote:
> Hello, I was recently working on a remote server, playing with mysql.
> Anyway. I wanted to see what ports were open, and nmaped the box. :) The
> machine had portsentry running, and it dropped my connection *AND* put my IP
> in th