[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Intrusion Attempts

Matthias Hentges <eebe@gmx.net> writes:

>> I've just explained over on comp.os.linux.security why portsentry is a
>> lousy idea, but to summarize:
>> a) "dynamic" means nothing when the packets shouldn't have permeated to
>> user-space at all;
>> b) risk of auto-DoS if someone spoofs a given set of valuable IP#s;
>> c) having to have no firewall, or extra holes in a firewall, in order to
>> detect a finite set of events seems daft when you could just be blocking
>> them already by default.
> But portsentry may still be a good thing to have if for some reason the
> firewall gets flushed. I know, this should never happen, but it can.

cron(8) is also your friend for this and other reasons. It's also a better
use of memory-space than to have a daemon lurking never used in case of
firewall failure. Then again...

Swings and roundabouts, I guess.



Reply to: