Date: Thu, 26 Apr 2001 21:54:56 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: Michael Scheidell <scheidell@fdma.com> Cc: <freebsd-security@freebsd.org> Subject: Re: Connection attempts (& active ids) Message-ID: <Pine.BSF.4.31.0104260238340.8377-100000@achilles.silby.com> In-Reply-To: <200104260303.f3Q33CK49974@caerulus.cerintha.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 25 Apr 2001, Michael Scheidell wrote: > > On Wed, 25 Apr 2001, David Goddard wrote: > > > > > Simply by being sat there listening to port 111, portsentry blocks > > > several probably compromised systems a day from talking to my servers. > > > Why should I not use it as a part of my security strategy? > > > > Soooooo... if you weren't running portsentry, wouldn't they be talking to > > a closed port, and hence leave you alone as well? > > Sooooooo... if I lock all my doors and windows, and they don't get it, I > should be happy, right? > > The problem is, if I don't keep an eye on what is going on, I don't know > they are trying. > > If I don't know they are trying, they WILL get in. Well, by listening on more ports, you're just making yourself a more appealing target. As such, I don't think you're really increasing your security. It's attacks on the services that you're running which matter. As for the concept of an automated attack-attempt tracking system, it seems like a good idea. Maybe I'll look more at how it's done when I have some free time. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.31.0104260238340.8377-100000>