Re: Port Sentry
hi roderick
if the clients need access to your lan...
- put them on a different wire ( 10.0.1.0/24 )
and you keep all your corp data that has nothing to
do with them on other wires ( 192.156.1.0/24 )
then put a gateway for your coworker to get to
them .... but the clients in their office cannot
get into your private 192.168.1.0 network..
( they don't need the root passwd to that gateway )
-- ie... move your internal firewall -- one lan inward...
-- having their machines on the same wire as your
credit and finance and MS windoze boxes is
asking for problems... might as well leave those
PCs in their offices... ( same effect )
-- am guessing... there is data they need...
and data they don't need from your own servers
have fun
alvin
On Sun, 3 Jun 2001, Roderick Cummings wrote:
>
> >From: "Rajkumar S." <voidmain@myrealbox.com>
> >To: Roderick Cummings <debian_user@hotmail.com>
> >CC: debian <debian-user@lists.debian.org>
> >Subject: Re: Port Sentry
> >Date: Sat, 2 Jun 2001 20:51:46 +0530 (IST)
> >
> >On Sat, 2 Jun 2001, Roderick Cummings wrote:
> >
> > > Now when portsentry detects a port scan it blocks the ip making the
> > > scan.
> >
> >I am not an expert in security, but some doubts.
> >
> >Is it wise to block an ip just because it did a port scan?
> >What if s/he spoofs the ip and puts your ip as source address?
> >
> >raj
> >
>
> A rule in my input chain will drop any incoming packet claiming to be from
> the localhost. (the routers to other networks will drop any incoming
> packets claiming to be from my network as well).
>
> Blocking the ip's might be a problem if say, someone takes control of one of
> the servers at my customer's site, but then the application would die and be
> noticed. Although that would be a serious DOS attack, I'd much rather know
> there is a problem and discover the system in the customer's network was
> hacked, than continue to talk to it and process data from it. Unfortunately
> the customers do have legitimate reasons to access the systems in my network
> (several of which they actually own).