
Re: Intrusion Attempts



Matthias Hentges <eebe@gmx.net> writes:

[snip]
>> I've just explained over on comp.os.linux.security why portsentry is a
>> lousy idea, but to summarize:
>> 
>> a) "dynamic" means nothing when the packets shouldn't have permeated to
>> user-space at all;
>> 
>> b) risk of auto-DoS if someone spoofs a given set of valuable IP#s;
>> 
>> c) having to have no firewall, or extra holes in a firewall, in order to
>> detect a finite set of events seems daft when you could just be blocking
>> them already by default.
>
> ACK
> But portsentry may still be a good thing to have if for some reason the
> firewall gets flushed. I know, this should never happen, but it can.

cron(8) is also your friend for this and other reasons. It's also a better
use of memory-space than to have a daemon lurking never used in case of
firewall failure. Then again...

Swings and roundabouts, I guess.

[snip]

~Tim
-- 
<http://spodzone.org.uk/>
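
The cron-based check suggested in the reply above, sketched as an added example that is not part of the original message. It assumes an iptables firewall; the saved-ruleset path, the script path in the cron entry, the `--run` argument and the `fw-watchdog` log tag are all hypothetical.

```shell
#!/bin/sh
# Added example: cron-run watchdog for a flushed packet filter.
# Assumed /etc/cron.d entry (script path is hypothetical):
#   */5 * * * * root /usr/local/sbin/fw-watchdog.sh --run

# Assumed location of the saved ruleset (iptables-save format).
RULES_FILE="${RULES_FILE:-/etc/iptables/rules.v4}"

# Reads `iptables -S` output on stdin.
# Exit 0 = flushed (INPUT policy ACCEPT and no INPUT rules), 1 = otherwise.
is_flushed() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" { rules++ }
        END { exit !(policy == "ACCEPT" && rules == 0) }
    '
}

check_firewall() {
    # If the ruleset cannot be read, report it rather than guess.
    if ! current=$(iptables -S 2>/dev/null); then
        logger -p auth.err -t fw-watchdog "cannot read ruleset"
        return 2
    fi
    if printf '%s\n' "$current" | is_flushed; then
        logger -p auth.alert -t fw-watchdog "INPUT chain flushed; restoring $RULES_FILE"
        iptables-restore < "$RULES_FILE"
    fi
}

if [ "${1:-}" = "--run" ]; then
    check_firewall
fi
```

The alert is logged before the restore so that a flush leaves a record to investigate rather than being silently repaired.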


