Date: Wed, 25 Apr 2001 22:42:10 +0100
From: David Goddard <goddard@acm.org>
To: Domas Mituzas <domas.mituzas@delfi.lt>
Cc: scheidell@fdma.com, freebsd-security@FreeBSD.ORG
Subject: Re: Connection attempts (& active ids)
Message-ID: <3AE744B2.186E5793@acm.org>
References: <20010423231908.N574-100000@axis.tdd.lt>

Domas Mituzas wrote:

[...]
> Several days ago I gave a lesson to guys, running portsentry and similar
> stuff with active blocking enabled. They did not believe they had any
> security breach, but after their own systems blocked all TLD servers, they
> removed portsentry immediately.
[...]

Now, this sounds like you are suggesting that portsentry is a Bad Thing, Period. I'm not sure I agree here...

Root servers I hadn't considered (thanks!), but I run portsentry and it's configured not to block any of the other machines essential to server running (gateway, colo DNS, backup MX, my own IPs etc.) and I don't give a toss if it blocks anything else temporarily (a luxury some might not have, admittedly) - I can fix any obvious problems.

Simply by being sat there listening to port 111, portsentry blocks several probably compromised systems a day from talking to my servers. Why should I not use it as a part of my security strategy?

I'm not trying to be combative, but you seem to believe this sort of thing is fit for nothing and if I'm wrong I'd like to know it now rather than later...

Dave