Re: Portsentry issue/problem
On 25.07.2002 0:47 Uhr thou speakest, Crawford Rainwater these words:
[..cut portsentry descr..]
Hi!
well, this is the way portsentry works: it "opens" the ports to the outside,
but is the only daemon behind listening to the ports. And if something
"naughty" (in portsentry's opinion) is going on it reacts with the options
you defined (usually block the ip-adress, add it to hosts.deny, add into
ipchains, delete the other's user-account, post in his name to
alt.binaries.adults.with.sadomaso.fetish....oh, no, this is the bastard
operators way ;-))) .
What I realized is:
.) 'till now it is safe to leave it that way but
.) those kiddies scan your computer and think that these ports _are_ indeed
open, so you have more attack-tries, which results in longer log-files and
longer ip-chains.
So my decision was to turn portsentry off and -voila- I had much smaller
logfiles and less 'attacks', only the standard port 80, port 21 (though I
haven't a ftp-daemon behind....).
It's up to you, what you'll do. As far as I could realize, portsentry is
'till now no additional problem. But who knows?
regards
zelko
--
*nix isn't user-unfriendly. It's just specific about it's friends. So if you
want it as a friend: be specific.
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: