Date: Mon, 18 Mar 2002 18:34:15 +0000
From: Fergus Cameron
To: freebsd-security@freebsd.org
Subject: Re: Is PortSentry really safe to use?

surely it wouldn't be possible to spoof an attack 'through' a gateway ? would the gateway not reject the traffic as invalid ? otherwise it would pass traffic apparently from itself but received on the wrong interface.

i realise the principle of the problem still applies - but would this specific application work ?

On 15.03-22:07, Jesper Wallin wrote:
> Hey..
>
> Let's say I want to hide all my services by changing the standard ports on
> all servers and run PortSentry.. I used to run my system like that before but
> yesterday a friend of mine was talking about a little security issue..
>
> Let's say we run a system like that on www.blah.com, what happens if I run a
> traceroute on it and fake a portscan from his default gateway? Sure he can
> add the default gateway to the portsentry.ignore file but then I just take
> the box before that and the one before that and the... and so on..
>
> Isn't PortSentry more like a problem than a help then? I'm not sure if all
> of this works but I know it's possible to fake portscans with software like
> "rain" and other "custom packets" programs.
>
>
> Jesper Wallin (aka Z3l3zT)
> "it's better to be a lame hacker than a hacked lamer"

--
Fergus Cameron
Tel: +447779236010
Fax: +447980681864

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
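
The filtering question in this exchange, modelled as an added example (not code from either poster or from PortSentry): a gateway ingress check of the kind the reply describes, followed by an auto-blocking detector with an ignore list. The topology, addresses (documentation ranges), function names and the ignore list modelled as a list of networks are all assumptions made for illustration.

```python
import ipaddress

# Constructed topology using documentation address ranges (assumptions):
INSIDE_NET = ipaddress.ip_network("192.0.2.0/24")       # LAN behind the gateway
GATEWAY_ADDRS = {ipaddress.ip_address("192.0.2.1"),     # gateway, inside interface
                 ipaddress.ip_address("198.51.100.2")}  # gateway, outside interface
UPSTREAM_HOP = "203.0.113.1"                            # router one hop further out


def gateway_accepts(src, in_iface):
    """Ingress filter: reject a source that cannot legitimately arrive on in_iface."""
    addr = ipaddress.ip_address(src)
    if in_iface == "outside":
        # The gateway's own addresses and LAN addresses never originate outside.
        return addr not in GATEWAY_ADDRS and addr not in INSIDE_NET
    if in_iface == "inside":
        # Only LAN hosts, and never the gateway's own address, arrive from inside.
        return addr in INSIDE_NET and addr not in GATEWAY_ADDRS
    return False  # unknown interface: fail closed


def host_reaction(src, ignore_nets):
    """What an auto-blocking detector on the host does with a probe from src."""
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in ignore_nets):
        return "ignored"
    return "blocked"


def trace(src, in_iface, ignore_nets):
    """Follow one probe: dropped at the gateway, or handed to the host's detector."""
    if not gateway_accepts(src, in_iface):
        return "dropped-at-gateway"
    return host_reaction(src, ignore_nets)


if __name__ == "__main__":
    for src in ("198.51.100.2", "192.0.2.1", UPSTREAM_HOP):
        print(src, "->", trace(src, "outside", []))
```

The gateway's own addresses are stopped by the interface check, while the upstream hop is not an address the gateway can judge by interface alone, so it reaches the detector and is blocked unless an ignore entry covers it.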