Re: Port Sentry - users

To: John Hasler <john@dhh.gt.org>
Cc: Debian User List <debian-user@lists.debian.org>
Subject: Re: Port Sentry - users
From: Alvin Oga <aoga@Mail.Linux-Consulting.com>
Date: Sat, 2 Jun 2001 15:00:56 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.3.96.1010602145825.9585B-100000@Maggie.Linux-Consulting.com>
In-reply-to: <[🔎] 87d78mwxz7.fsf@toncho.dhh.gt.org>

hi john

i think its more the issue of what "users" do after they see
the portscan log messsages...

changing fw rules due to portscan loggs is like shooting yourself
in the foot if one does not know why you're updating the fw rules
( "i heard someone say update the fw to stop port scans" is not good 
( enough of a reason 

c ya
alvin
http://www.Linux-Sec.net

On 2 Jun 2001, John Hasler wrote:

> > It is trivial to spoof the source address of a portscan, allowing one to
> > cause your machine to block access from your nameservers or your clients
> > or other important sites.
> 
> While certainly no panacea, portsentry isn't that stupid.  The authors
> thought about this and provided for it.
> --

Reply to:

References:
- Re: Port Sentry
  - From: John Hasler <john@dhh.gt.org>

Prev by Date: Re: Lilo and Win2k
Next by Date: Re: Lilo and Win2k - switch
Previous by thread: Re: Port Sentry
Next by thread: Re: Port Sentry - good idea
Index(es):
- Date
- Thread