Re: Intrusion Attempts
Matthias Hentges <firstname.lastname@example.org> writes:
>> I've just explained over on comp.os.linux.security why portsentry is a
>> lousy idea, but to summarize:
>> a) "dynamic" means nothing when the packets shouldn't have permeated to
>> user-space at all;
>> b) risk of auto-DoS if someone spoofs a given set of valuable IP#s;
>> c) having to have no firewall, or extra holes in a firewall, in order to
>> detect a finite set of events seems daft when you could just be blocking
>> them already by default.
> But portsentry may still be a good thing to have if for some reason the
> firewall gets flushed. I know, this should never happen, but it can.
cron(8) is also your friend for this and other reasons. It's also a better
use of memory-space than to have a daemon lurking never used in case of
firewall failure. Then again...
Swings and roundabouts, I guess.
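The cron(8) approach mentioned in the reply, sketched as an added example that is not part of the original thread: a periodic job that notices a flushed ruleset and reloads a saved one. It assumes iptables is the packet filter and that a known-good ruleset was written with iptables-save to the path in RULES; the script path in the crontab comment is likewise hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): reload the firewall if it was flushed.
# Assumed crontab entry, /etc/cron.d style:
#   */5 * * * * root /usr/local/sbin/fw-check.sh run
RULES="${RULES:-/etc/iptables/rules.v4}"   # assumed location of the saved ruleset

# Reads iptables-save output on stdin. Returns 0 ("flushed") when the filter
# table has no -A rules and its INPUT policy is not DROP, which is the state
# left behind by "iptables -F" plus a default ACCEPT policy, or by no tables.
ruleset_is_flushed() {
    awk '
        /^\*/                           { table = substr($0, 2) }
        table == "filter" && /^:INPUT / { policy = $2 }
        table == "filter" && /^-A /     { rules++ }
        END { exit !(rules == 0 && policy != "DROP") }
    '
}

# Live check: log through syslog and restore the saved rules if flushed.
check_and_restore() {
    if iptables-save | ruleset_is_flushed; then
        logger -t fw-check -p auth.warning "filter table empty, reloading $RULES"
        iptables-restore < "$RULES"
    fi
}

# Constructed iptables-save samples, for trying the parser offline.
sample_flushed() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' 'COMMIT'
}
sample_loaded() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' 'COMMIT'
}

# Only touch the real firewall when called with "run" (as cron would).
if [ "${1:-}" = "run" ]; then
    check_and_restore
fi
```

A default-DROP policy with no rules is deliberately not treated as flushed, since that state still blocks inbound traffic.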