
Re: Port Sentry



hi roderick

if the clients need access to your lan...
- put them on a different wire ( 10.0.1.0/24 )

and you keep all your corp data that has nothing to 
do with them on other wires ( 192.156.1.0/24 )

then put a gateway for your coworkers to get to
them .... but the clients in their office cannot
get into your private 192.168.1.0 network..
	( they don't need the root passwd to that gateway )

-- ie... move your internal firewall -- one lan inward...

-- having their machines on the same wire as your 
   credit and finance and MS windoze boxes is 
   asking for problems... might as well leave those
   PCs in their offices... ( same effect )

-- am guessing... there is data they need...
   and data they don't need from your own servers

have fun
alvin


On Sun, 3 Jun 2001, Roderick Cummings wrote:

> 
> >From: "Rajkumar S." <voidmain@myrealbox.com>
> >To: Roderick Cummings <debian_user@hotmail.com>
> >CC: debian <debian-user@lists.debian.org>
> >Subject: Re: Port Sentry
> >Date: Sat, 2 Jun 2001 20:51:46 +0530 (IST)
> >
> >On Sat, 2 Jun 2001, Roderick Cummings wrote:
> >
> > > Now when portsentry detects a port scan it blocks the ip making the
> > > scan.
> >
> >I am not an expert in security, but some doubts.
> >
> >Is it wise to block an ip just because it did a port scan?
> >What if s/he spoofs the ip and puts your ip as source address?
> >
> >raj
> >
> 
> A rule in my input chain will drop any incoming packet claiming to be from 
> the localhost. (The routers to other networks will drop any incoming 
> packets claiming to be from my network as well.)
> 
> Blocking the IPs might be a problem if, say, someone takes control of one of 
> the servers at my customer's site, but then the application would die and be 
> noticed. Although that would be a serious DOS attack, I'd much rather know 
> there is a problem and discover the system in the customer's network was 
> hacked, than continue to talk to it and process data from it. Unfortunately 
> the customers do have legitimate reasons to access the systems in my network 
> (several of which they actually own).
> 
> 
> 


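The two defensive ideas in this thread, the anti-spoofing input rule Roderick describes (drop packets that claim a localhost or own-network source on the wrong interface) and the segmented gateway alvin suggests, modelled as a small stateless policy. This is an added example, not code from either poster; the subnets are the thread's, while the interface names (eth0 upstream, eth1 client wire, eth2 private wire) and the sample packets are assumptions constructed for the demo.

```python
from ipaddress import ip_address, ip_network

# Assumed interface layout (the thread names only the subnets):
#   eth0 -> upstream / Internet, eth1 -> client wire, eth2 -> private wire
WIRES = {
    "eth1": ip_network("10.0.1.0/24"),     # customer machines
    "eth2": ip_network("192.168.1.0/24"),  # credit, finance, Windows boxes
}
LOOPBACK = ip_network("127.0.0.0/8")


def input_verdict(iface: str, src: str) -> str:
    """INPUT-chain check: does the claimed source fit the wire it arrived on?"""
    addr = ip_address(src)
    if addr in LOOPBACK:
        return "DROP"  # 127/8 never legitimately arrives on a real wire
    home = WIRES.get(iface)
    if home is not None:
        # On an internal wire the source must carry that wire's own prefix.
        return "ACCEPT" if addr in home else "DROP"
    # Upstream interface: a source inside any of our own prefixes is spoofed,
    # so it cannot trick a scan detector into blocking our own hosts.
    return "DROP" if any(addr in net for net in WIRES.values()) else "ACCEPT"


def forward_verdict(in_iface: str, out_iface: str, syn: bool) -> str:
    """FORWARD-chain policy for the gateway between the two wires.

    Coworkers on the private wire may open connections towards client
    machines; clients may only answer (non-SYN, a stateless approximation
    of connection tracking) and never initiate into the private wire.
    Anything not described in the thread is default-deny."""
    if in_iface == "eth2" and out_iface == "eth1":
        return "ACCEPT"
    if in_iface == "eth1" and out_iface == "eth2":
        return "DROP" if syn else "ACCEPT"
    return "DROP"


def audit(packets):
    """Run (iface, src) pairs through the INPUT check; return the dropped ones."""
    return [(i, s) for i, s in packets if input_verdict(i, s) == "DROP"]


# Constructed sample traffic, not captured from anyone's network.
SAMPLE = [
    ("eth0", "203.0.113.7"),   # ordinary Internet source
    ("eth0", "192.168.1.20"),  # claims our private wire from outside: spoof
    ("eth0", "127.0.0.1"),     # claims localhost: spoof
    ("eth1", "10.0.1.15"),     # client machine on its own wire
    ("eth1", "192.168.1.5"),   # client wire claiming a finance box: spoof
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(pkt, input_verdict(*pkt))
```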
