
portsentry dangerous? hardly; RTFM. (was Re: checking security logs)



On Wed, 24 Jan 2001, Mark Suter wrote:

> The only way under IPv4 to be safe from spoofing is for everyone to
> implement proper Network Ingress Filtering [RFC2827, BCP0038] on
> their networks.  Please, read this RFC.
>
>     http://www.faqs.org/rfc/rfc2827.txt

bah.  all this talk about portsentry being dangerous forgets that you can also
run it so it only triggers after a full TCP connect.  while not un-spoofable,
it's very hard for an attacker to spoof as they have to be in-line between your
host and the host they're trying to spoof.  plus, they'll have a task guessing
sequence numbers.

all this stuff is in the documentation anyway.  does anyone read documentation
anymore?  it's more productive than guessing in public.

portsentry has been protecting my host without a firewall in front of it for
three years now; it has always worked exactly as it said it would.

cheers,

-thomas

-- 
          who's watching your watchmen?
gpg: pub 1024D/81FD4B43 sub 4096g/BB6D2B11=>p.nu/d
2B72 53DB 8104 2041 BDB4  F053 4AE5 01DF 81FD 4B43
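
The argument in the message above, as a toy model added here as an example (it is not portsentry code and not part of the original post). The names Segment, Tripwire, real_client and forged_sender are hypothetical, and the addresses are constructed documentation addresses; no packets are sent.

```python
import secrets
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10
MOD = 2 ** 32

@dataclass
class Segment:
    """Constructed, minimal view of an inbound TCP segment."""
    src: str
    flags: int
    seq: int
    ack: int = 0

class Tripwire:
    """Hypothetical model of a detector on an unused port (not portsentry code)."""
    def __init__(self, require_handshake, isn_source=lambda: secrets.randbits(32)):
        self.require_handshake = require_handshake
        self.isn_source = isn_source
        self.pending = {}     # claimed source -> (our ISN, peer's ISN)
        self.flagged = set()  # sources the detector would act on

    def receive(self, seg):
        """Handle one segment; return the ISN of the SYN/ACK we send, if any."""
        if seg.flags == SYN:
            if not self.require_handshake:
                self.flagged.add(seg.src)   # trusts the address in a single packet
            isn = self.isn_source()
            self.pending[seg.src] = (isn, seg.seq)
            return isn                      # routed to the real owner of seg.src
        if seg.flags == ACK and seg.src in self.pending:
            isn, peer = self.pending[seg.src]
            if seg.ack == (isn + 1) % MOD and seg.seq == (peer + 1) % MOD:
                del self.pending[seg.src]   # three-way handshake completed
                if self.require_handshake:
                    self.flagged.add(seg.src)
        return None

def real_client(tw, src):
    """Sender that owns src: it receives our SYN/ACK and can acknowledge it."""
    isn = tw.receive(Segment(src, SYN, seq=5000))
    tw.receive(Segment(src, ACK, seq=5001, ack=(isn + 1) % MOD))

def forged_sender(tw, claimed_src, guess):
    """Off-path sender forging claimed_src: the SYN/ACK never reaches it."""
    tw.receive(Segment(claimed_src, SYN, seq=9000))
    tw.receive(Segment(claimed_src, ACK, seq=9001, ack=guess))  # blind guess
```

With require_handshake=False a single forged SYN gets the claimed address flagged; with require_handshake=True the forger must also hit the 32-bit initial sequence number, which is why the connect-only trigger is hard to spoof but not un-spoofable.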


