RE: [SLU] Portsentry with Storm Firewall

Tue, 09 Jan 2001 18:48:36 -0800 

I'm using PortSentry's sudp and stcp modes in conjunction with Storm
Firewall.  Just note that the ipchains and the portsentry triggers work hand
in hand.

I've found that if, for example, you drop packets going to the X ports
(6000, etc.) in your ipchains, the the portsentry alarm monitoring the port
will never be tripped...even if someone portscans you.

Take a day or two to try things out...have a bunch of your buddies do decoy
scans on your box and see what trips portsentry.
Let your box sit for a day and watch windows boxes trip your portsentry
configuration when they broadcast bootps packets on class C networks. Then
spend the next two days wondering why in the world Windows boxes would
resort to a such a last-ditch effort at dhcp.

I also employ portsentry on the *inside* of the firewall to watch for abuses
of the network, making certain that no one is using an internal resource for
attacks outside of the local net...Portsentry is a wonderful tool.

------Original Message------
From: Steven L Hess <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sent: January 10, 2001 12:10:42 AM GMT
Subject: [SLU] Portsentry with Storm Firewall


I am thinking of adding portsentry to my Storm Firewall Disto. Has
anyone done this? I want to make sure I don't hose my current setup.
I let my Support period lapse before I had time to install my
packege completey and deploy the firewall box I purchased it for :). I
am still trying to figure out the "rules" even though as any Storm user
knows the Manuals and the best I have seen with any distro.

Thanks in advance for any Help.

Steven




_______________________________________________
Stormlinux-users-list mailing list
[EMAIL PROTECTED]
http://www.stormix.com/community/lists/listinfo/stormlinux-users-list

Message void if penguin violated.
Don't mess with the penguin.
______________________________________________
FREE Personalized Email at Mail.com
Sign up at http://www.mail.com/?sr=signup

_______________________________________________
Stormlinux-users-list mailing list
[EMAIL PROTECTED]
http://www.stormix.com/community/lists/listinfo/stormlinux-users-list

Reply via email to