Re: portsentry dangerous? hardly; RTFM. (was Re: checking security logs)
On Wed, 31 Jan 2001, Quietman wrote:
> On Wed, Jan 31, 2001 at 12:54:41AM +0000, Quietman wrote:
> > On Tue, Jan 30, 2001 at 04:56:12PM +0000, thomas lakofski wrote:
> > > ipchains -L -n
> > Excuse me if I'm missing the point, but what will this show other than
> > any rules you already have in place?
> And obviously, how many packets have been intercepted by that rule.
If you read back in the thread you'll see that the point of contention was
whether an admin could know what hosts had been blocked by portsentry,
particularly in the case of a 'denial of service' where someone tries to make
the portsentry host block large numbers of dynamic IP addresses. Equally one
could reference the portsentry logs which will contain similar information.
Adding appropriate accounting rules when blocking would let you know how many
packets had been intercepted without vast effort.
who's watching your watchmen?
gpg: pub 1024D/81FD4B43 sub 4096g/BB6D2B11=>p.nu/d
2B72 53DB 8104 2041 BDB4 F053 4AE5 01DF 81FD 4B43