
Re: Port Sentry



hi ya roderick

- portsentry is a host-based detector...

- try using snort for port scan detection

- if you have a client site and your own facilities...
  i assume you/they both have firewalls on both ends 
	- you prevent them from playing around in your lan
	- they prevent you from playing around in their lan

	- the local firewalls should block the traffic from
	getting to the other side ... if it doesn't and they
	wanted to send 1000 pings... their servers would be busy
	sending the request across the wire/vpn to be dropped 
	at your end after they have successfully tied up your vpn
	by sending garbage or malicious data to your side of the moat

- nothing you can do about people that are allowed to be on
  the gateway/firewall boxes...that wanna play for fun....
	all other folks wouldn't get past their local firewall

c ya
alvin
http://www.Linux-Sec.net


On Sat, 2 Jun 2001, Roderick Cummings wrote:

> I have set up a debian system to act as an intrusion detection system with 
> portsentry. Now when portsentry detects a port scan it blocks the ip making 
> the scan. Is there a way to get this information propagated to nearby 
> routers, etc.? It would be interesting to have all traffic to or from the 
> offending system be rejected. We have a lot of connections to our customers 
> networks, the thing we worry about is one of their employees trying some kind 
> of hack or DOS. Thanks.


