
Re: Should I use Snort/PortSentry?



* Quoting Kristof Goossens (kristof@xssass.be):
> On Thu, May 22, 2003 at 08:46:47PM -0400, Rob French wrote:
> > So, are any network/port-related tools useful?
> 
> In my personal opinion it is ALWAYS useful to know what is going on on your
> system. No matter how few ports are open...
> 
> You said it was for your laptop, and that's why you should certainly use
> these tools... A laptop travels with the owner and has the specific feature
> of being plugged into the internal network most of the time. This is at home
> as well as on location...

With these tools, you are adding more complexity
to your setup and might become vulnerable.
Remember the latest snort exploit. So the extra
"security" layer made your system insecure.

Snort is ok to protect a network, when installed
on a separate host. I don't see any use of opening
more ports in order to increase security, I never
understood PortSentry's approach.

Why not let the TCP-Stack do its job in RSTing
incoming connections, maybe with a little help
from netfilter? Netfilter can log incoming
connection attempts, too, if you really need to
know.

YMMV, Rolf
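
Added example, not part of the message above: one way to read netfilter's log of refused connection attempts and see which source probed which ports, without opening any listening port. The "INBOUND: " prefix, the iptables rules in the comment, the hostnames and the log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed rules that would produce these lines (the prefix is a made-up label):
#   iptables -A INPUT -p tcp --syn -j LOG --log-prefix "INBOUND: "
#   iptables -A INPUT -p tcp --syn -j REJECT --reject-with tcp-reset
PREFIX = "INBOUND: "
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed sample kernel log lines (documentation address ranges only).
SAMPLE_LOG = """\
May 22 21:03:11 laptop kernel: INBOUND: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.20 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 SYN URGP=0
May 22 21:03:11 laptop kernel: INBOUND: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.20 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=23 WINDOW=5840 SYN URGP=0
May 22 21:03:12 laptop kernel: INBOUND: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.20 LEN=60 TTL=52 PROTO=TCP SPT=40114 DPT=111 WINDOW=5840 SYN URGP=0
May 22 21:03:13 laptop kernel: INBOUND: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.20 LEN=60 TTL=52 PROTO=TCP SPT=40115 DPT=22 WINDOW=5840 SYN URGP=0
May 22 21:10:40 laptop kernel: INBOUND: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.20 LEN=48 TTL=110 PROTO=TCP SPT=3011 DPT=445 WINDOW=16384 SYN URGP=0
May 22 21:11:02 laptop sshd[812]: Connection closed by 203.0.113.9
May 22 21:12:00 laptop kernel: INBOUND: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.20 LEN=84 PROTO=ICMP TYPE=8 CODE=0
"""

def parse_line(line):
    """Return the KEY=VALUE fields of a line carrying our prefix, else None."""
    _, found, rest = line.partition(PREFIX)
    if not found:
        return None                      # not written by our LOG rule
    fields = dict(FIELD.findall(rest))
    if not all(k in fields for k in ("SRC", "PROTO", "DPT")):
        return None                      # e.g. ICMP lines carry no DPT
    return fields

def summarise(log_text):
    """Map each source address to the sorted TCP ports it tried to reach."""
    ports = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_line(line)
        if f and f["PROTO"] == "TCP" and f["DPT"].isdigit():
            ports[f["SRC"]].add(int(f["DPT"]))
    return {src: sorted(p) for src, p in ports.items()}

def likely_scanners(summary, min_ports=3):
    """Sources that touched at least min_ports distinct ports."""
    return sorted(src for src, p in summary.items() if len(p) >= min_ports)

if __name__ == "__main__":
    report = summarise(SAMPLE_LOG)
    for src, tried in report.items():
        print(src, tried)
    print("probable scans from:", likely_scanners(report))
```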


