Re: Hacked - is it my turn?
On Mon, 2 Feb 2004 18:28:31 -0800 (PST), Alvin Oga wrote:
>On Mon, 2 Feb 2004, Johannes Graumann wrote:
>
>> > > Checking 'bindshell'... INFECTED [PORTS: 1524 31337]
>> At this point I believe to be able to attribute this to portsentry
>> running - '/etc/init.d/portsentry stop' makes it go away,
>
>odd that portsentry does that... oh welll ...
Um, no - I believe that's not odd at all - because Port Sentry's
method is to listen on every conceivable port so that it can detect
inbound connection attempts. NB: this is just hearsay - I've never
actually used Port Sentry, due to reports about this very problem. In
fact, IIUC you also need to have all those ports unfirewalled so that
Port Sentry can do its stuff. Quite a few people think this is a Very
Bad Thing ... and that's been good enough for me.
[And then there's Port Sentry's "attack-response" feature, which can
apparently leave you deaf dumb & blind if someone sends you spoofed
packets. I _think_ the current wisdom is that Port Sentry is an all
round Bad Idea, but maybe it's just a religious thing ..]
Somebody please tell me if I'm wrong here.
Nick Boyce
Bristol, UK
--
I tried to patent patent barratry as a business model,
but there was too much prior art.
Reply to: