Date:      Thu, 26 Apr 2001 10:55:58 +0100
From:      Rasputin <rara.rasputin@virgin.net>
To:        security@freebsd.org
Subject:   Re: Connection attempts (& active ids)
Message-ID:  <20010426105558.A30778@dogma.freebsd-uk.eu.org>
In-Reply-To: <200104260303.f3Q33CK49974@caerulus.cerintha.com>; from me2@privacy.net on Wed, Apr 25, 2001 at 11:03:11PM -0400
References:  <Pine.BSF.4.31.0104252147260.8017-100000@achilles.silby.com> <200104260303.f3Q33CK49974@caerulus.cerintha.com>

* Michael Scheidell <me2@privacy.net> [010426 04:05]:

> > On Wed, 25 Apr 2001, David Goddard wrote:

> > > Simply by being sat there listening to port 111, portsentry blocks
> > > several probably compromised systems a day from talking to my servers.
> > > Why should I not use it as a part of my security strategy?

> > Soooooo... if you weren't running portsentry, wouldn't they be talking to
> > a closed port, and hence leave you alone as well?

> Sooooooo... if I lock all my doors and windows, and they don't get it, I
> should be happy, right?

grep log_in_vain /etc/defaults/rc.conf >> /etc/rc.conf

You still get connection attempts flagged, but (as far as I know)
from the outside the connection appears to fail.
The same would go for most firewalls (certainly our 2 can be configured
to return a 'connection refused' and log the intrusion.
IPF allows a 'log body' option too, so if you have the disk you can
inspect the actual packets sent to you.)

-- 
"I've seen, I SAY, I've seen better heads on a mug of beer"
		-- Senator Claghorn
Rasputin :: Jack of All Trades - Master of Nuns ::
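
Added example (not part of the original message, and not FreeBSD project code): a short Python pass over the connection attempts that log_in_vain records, grouped by source so repeated probes of closed ports stand out. The log line shape, the host name `host1` and the addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed shape of a log_in_vain kernel message in /var/log/messages;
# newer kernels append " flags:0x..", which the pattern tolerates.
LINE_RE = re.compile(
    r"kernel: Connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst>\S+):(?P<dport>\d+) from (?P<src>\S+):(?P<sport>\d+)"
)

# Constructed sample lines (documentation addresses, hypothetical host).
SAMPLE_LOG = """\
Apr 26 10:41:02 host1 /kernel: Connection attempt to TCP 192.0.2.10:111 from 198.51.100.7:1043
Apr 26 10:41:03 host1 /kernel: Connection attempt to TCP 192.0.2.10:111 from 198.51.100.7:1044
Apr 26 10:41:09 host1 /kernel: Connection attempt to UDP 192.0.2.10:137 from 203.0.113.20:137
Apr 26 10:42:15 host1 /kernel: Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:1050 flags:0x02
Apr 26 10:43:00 host1 sshd[412]: Accepted password for alice from 192.0.2.55 port 1022
Apr 26 10:44:31 host1 /kernel: Connection attempt to TCP 192.0.2.10:515 from 198.51.100.7:1061
"""

def parse_attempts(text):
    """Yield (src, proto, dport) for each closed-port attempt in text."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["src"], m["proto"], int(m["dport"])

def summarize(text, min_ports=2):
    """Per source: attempt count, distinct ports, and a scanner flag
    set when at least min_ports distinct closed ports were probed."""
    counts, ports = defaultdict(int), defaultdict(set)
    for src, proto, dport in parse_attempts(text):
        counts[src] += 1
        ports[src].add((dport, proto))
    report = []
    for src in sorted(counts, key=lambda s: (-counts[s], s)):
        probed = sorted(ports[src])
        report.append({
            "src": src,
            "attempts": counts[src],
            "ports": [f"{proto}/{port}" for port, proto in probed],
            "scanner": len(probed) >= min_ports,
        })
    return report

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row["src"], row["attempts"], " ".join(row["ports"]),
              "SCAN" if row["scanner"] else "")
```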
