Security Incidents mailing list archives
Re: traffic logging
From: jbaker () CANADAMORTGAGE COM (Jason Baker)
Date: Mon, 8 May 2000 15:05:10 -0700
On May 08, spiff wrote:
> On Wed, 3 May 2000, Damian Gerow wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Humm... I don't much care for PortSentry's retaliation sequence. The suggested action (blocking the route, adding offending host to hosts.deny, setting up a firewall rule to deny all traffic coming from the offending host) really turns me off - it creates a nice, simple DoS on its own.
>
> I can confirm this to be true. In a recent audit, an nmap scan revealed that the sysadmin had his home network 'protected' by PortSentry.
>
> [snip]
>
> This should not be taken as a critique of PortSentry, just as a caveat regarding its potential abuses.

In the PortSentry author's favor - he covers this very point repeatedly on the website and the install instructions. What you chose to do with a host that pokes at the ports is entirely up to you.

--
A computer, to print out a fact,
Will divide, multiply, and subtract.
But this output can be
No more than debris,
If the input was short of exact.
-- Gigo