
Re: portsentry



> It is the first time I have read anything negative about portsentry.

while a lot of what the author is saying is true, portsentry and snort are
two quite different things.  really the only thing they have in common is
that they are designed to improve the security of your network/server.

portsentry is a very simple dynamic firewall.  dynamic firewalls have
their uses, but i certainly wouldn't run them on a production server for
an isp (too prone to blocking the wrong thing), but for my personal machine
it's great, it keeps morons away by letting them think that they've
crashed my machine so they can laugh and move on.  for example i was just
at defcon (big hacker conference).  someone nmap'd my home server from the
defcon network and it was immediately invisible to the defcon network.
in my mind this is a good thing.

snort is a network intrusion detection system.  this is a much more
complicated and full featured beast.  snort does stateful (i think?)
inspection of all network traffic by putting its nic into promiscuous
mode.  it is not designed to take action when it sees something "bad", it's
designed to report on it and allow you to analyse what sort of traffic is
occurring on your network.  this is great for corporate networks where you
are always worried about someone attacking your firewall or getting in
behind your firewall.

they are both great pieces of software, but they serve different purposes.

adam.
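
An added example, not part of the original message and not code from portsentry or snort: a simplified Python model of the two response styles the post contrasts, a tripwire that blocks a source outright versus a monitor that only reports, run over constructed connection events. The port sets, addresses and function names are assumptions made for the illustration.

```python
# Constructed sample events: (source address, destination port). Not real traffic.
EVENTS = [
    ("192.0.2.10", 80),     # customer using the web server
    ("198.51.100.7", 1),    # scanner walking unused ports
    ("198.51.100.7", 111),
    ("198.51.100.7", 80),
    ("192.0.2.10", 143),    # customer's mail client tries IMAP, not offered here
    ("192.0.2.10", 80),     # same customer comes back to the web server
    ("192.0.2.10", 25),
]
SERVICES = {25, 80}         # ports the host really serves (assumed)
TRIPWIRES = {1, 111, 143}   # unused ports watched as tripwires (assumed)


def dynamic_firewall(events):
    """Blocking model: one tripwire hit blocks the source from then on."""
    blocked, served, dropped = set(), [], []
    for src, port in events:
        if port in TRIPWIRES:
            blocked.add(src)
        if src in blocked:
            dropped.append((src, port))
        elif port in SERVICES:
            served.append((src, port))
    return blocked, served, dropped


def report_only(events):
    """Reporting model: log each tripwire hit, never interfere with traffic."""
    alerts, served = [], []
    for src, port in events:
        if port in TRIPWIRES:
            alerts.append((src, port))
        elif port in SERVICES:
            served.append((src, port))
    return alerts, served


def service_connections_dropped(events):
    """Connections to real services that the blocking model refused."""
    _, _, dropped = dynamic_firewall(events)
    return [(src, port) for src, port in dropped if port in SERVICES]


if __name__ == "__main__":
    print("blocked sources:", sorted(dynamic_firewall(EVENTS)[0]))
    print("service connections dropped:", service_connections_dropped(EVENTS))
    print("alerts (report only):", report_only(EVENTS)[0])
```

In the blocking model the customer at 192.0.2.10 loses web and mail access after a single stray connection, while the reporting model serves every service connection and leaves three alerts for someone to review.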


