From owner-freebsd-security Thu Apr 26 02:56:02 2001
Delivered-To: freebsd-security@freebsd.org
Received: from probity.mcc.ac.uk (probity.mcc.ac.uk [130.88.200.94]) by hub.freebsd.org (Postfix) with ESMTP id 7327A37B422 for ; Thu, 26 Apr 2001 02:55:59 -0700 (PDT) (envelope-from rasputin@freebsd-uk.eu.org)
Received: from dogma.freebsd-uk.eu.org ([130.88.200.97] ident=root) by probity.mcc.ac.uk with esmtp (Exim 2.05 #4) id 14siVC-000Iuk-00 for security@freebsd.org; Thu, 26 Apr 2001 10:55:58 +0100
Received: (from rasputin@localhost) by dogma.freebsd-uk.eu.org (8.11.1/8.11.1) id f3Q9twf30937 for security@freebsd.org; Thu, 26 Apr 2001 10:55:58 +0100 (BST) (envelope-from rasputin)
Date: Thu, 26 Apr 2001 10:55:58 +0100
From: Rasputin
To: security@freebsd.org
Subject: Re: Connection attempts (& active ids)
Message-ID: <20010426105558.A30778@dogma.freebsd-uk.eu.org>
Reply-To: Rasputin
References: <200104260303.f3Q33CK49974@caerulus.cerintha.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <200104260303.f3Q33CK49974@caerulus.cerintha.com>; from me2@privacy.net on Wed, Apr 25, 2001 at 11:03:11PM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

* Michael Scheidell [010426 04:05]:
> > On Wed, 25 Apr 2001, David Goddard wrote:
> > > Simply by being sat there listening to port 111, portsentry blocks
> > > several probably compromised systems a day from talking to my servers.
> > > Why should I not use it as a part of my security strategy?
> > Soooooo... if you weren't running portsentry, wouldn't they be talking to
> > a closed port, and hence leave you alone as well?
> Sooooooo... if I lock all my doors and windows, and they don't get it, I
> should be happy, right?

    grep log_in_vain /etc/defaults/rc.conf >> /etc/rc.conf

You still get connection attempts flagged, but (as far as I know) from the
outside the connection appears to fail.
The same would go for most firewalls (certainly our 2 can be configured to
return a 'connection refused' and log the intrusion. IPF allows a 'log body'
option too, so if you have the disk you can inspect the actual packets sent
to you.)

--
"I've seen, I SAY, I've seen better heads on a mug of beer"
    -- Senator Claghorn
Rasputin :: Jack of All Trades - Master of Nuns
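The log_in_vain knob described in the post (in 4.x, setting log_in_vain="YES" in
/etc/rc.conf turns on the net.inet.tcp.log_in_vain and net.inet.udp.log_in_vain
sysctls; note that the line copied from /etc/defaults/rc.conf is the default "NO"
and has to be edited to "YES") makes the kernel log one syslog line per
connection attempt to a port with no listener, which is the "flagged" part. What
the post does not show is how to turn those lines into something a defender can
act on. The script below is an added example, not code from the post or the
FreeBSD project: it summarises the kernel's "Connection attempt to TCP/UDP
a.b.c.d:port from w.x.y.z:port" messages per source and per targeted port, and
flags sources that touched several distinct local ports (a crude scan
heuristic). The log lines embedded in it are constructed samples, the message
format is assumed to be the 4.x-era one, and the function names are mine.

```shell
#!/bin/sh
# Added example (not from the original post): summarise kernel log_in_vain
# messages from syslog by source address and targeted local port.
# Assumed message format (FreeBSD 4.x era):
#   "Connection attempt to TCP <local>:<port> from <remote>:<port>"
# The sample lines below are constructed, not a real log.

SAMPLE_LOG='Apr 26 10:51:02 dogma /kernel: Connection attempt to TCP 130.88.200.97:111 from 192.0.2.10:2049
Apr 26 10:51:03 dogma /kernel: Connection attempt to TCP 130.88.200.97:111 from 192.0.2.10:2050
Apr 26 10:52:17 dogma /kernel: Connection attempt to UDP 130.88.200.97:111 from 198.51.100.7:1033
Apr 26 10:53:40 dogma /kernel: Connection attempt to TCP 130.88.200.97:21 from 203.0.113.9:4201
Apr 26 10:53:41 dogma /kernel: Connection attempt to TCP 130.88.200.97:22 from 203.0.113.9:4202
Apr 26 10:53:42 dogma /kernel: Connection attempt to TCP 130.88.200.97:111 from 203.0.113.9:4203
Apr 26 10:53:45 dogma sshd[123]: Accepted publickey for rasputin from 192.0.2.10 port 2051'

# in_vain_summary: read syslog lines on stdin, print
#   "<count> <proto> <local port> <remote addr>"
# for every (proto, port, source) triple, most frequent first.
# Field positions are located relative to the words "attempt to" so a
# different syslog prefix (hostname, pid, etc.) does not break the parse.
in_vain_summary() {
    awk '
        /Connection attempt to (TCP|UDP) / {
            for (i = 1; i < NF; i++)
                if ($i == "attempt" && $(i + 1) == "to") break
            proto = $(i + 2)
            split($(i + 3), dst, ":")   # local addr:port
            split($(i + 5), src, ":")   # remote addr:port
            key = proto " " dst[2] " " src[1]
            count[key]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -rn
}

# noisy_sources MIN: print "<remote addr> <distinct local ports>" for every
# source that hit at least MIN distinct local ports. One host probing
# several closed ports is a different signal from many hosts hitting 111.
noisy_sources() {
    awk -v min="$1" '
        /Connection attempt to (TCP|UDP) / {
            for (i = 1; i < NF; i++)
                if ($i == "attempt" && $(i + 1) == "to") break
            split($(i + 3), dst, ":")
            split($(i + 5), src, ":")
            seen[src[1] " " dst[2]] = 1
        }
        END {
            for (k in seen) { split(k, p, " "); ports[p[1]]++ }
            for (s in ports) if (ports[s] >= min) print s, ports[s]
        }
    ' | sort
}

# Demonstration on the constructed sample. On a real host you would feed
# /var/log/messages (or the file syslog.conf sends kern.info to) instead.
echo "== attempts by proto/port/source =="
printf '%s\n' "$SAMPLE_LOG" | in_vain_summary
echo "== sources touching 2+ local ports =="
printf '%s\n' "$SAMPLE_LOG" | noisy_sources 2
```

The summary is deliberately keyed on the remote address rather than the remote
port, since the source port changes on every attempt and carries no information
about who is probing. The sshd line in the sample is there to show that
unrelated syslog traffic is ignored by the pattern match.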