From owner-freebsd-security Thu Apr 26 19:55: 1 2001
Delivered-To: freebsd-security@freebsd.org
Received: from silby.com (adam042-060.resnet.wisc.edu [146.151.42.60])
	by hub.freebsd.org (Postfix) with ESMTP id C7C7C37B424
	for ; Thu, 26 Apr 2001 19:54:57 -0700 (PDT)
	(envelope-from silby@silby.com)
Received: (qmail 10744 invoked by uid 1000); 27 Apr 2001 02:54:56 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
	by localhost with SMTP; 27 Apr 2001 02:54:56 -0000
Date: Thu, 26 Apr 2001 21:54:56 -0500 (CDT)
From: Mike Silbersack
To: Michael Scheidell
Cc:
Subject: Re: Connection attempts (& active ids)
In-Reply-To: <200104260303.f3Q33CK49974@caerulus.cerintha.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 25 Apr 2001, Michael Scheidell wrote:

> > On Wed, 25 Apr 2001, David Goddard wrote:
> >
> > > Simply by being sat there listening to port 111, portsentry blocks
> > > several probably compromised systems a day from talking to my servers.
> > > Why should I not use it as a part of my security strategy?
> >
> > Soooooo... if you weren't running portsentry, wouldn't they be talking to
> > a closed port, and hence leave you alone as well?
>
> Sooooooo... if I lock all my doors and windows, and they don't get it, I
> should be happy, right?
>
> The problem is, if I don't keep an eye on what is going on, I don't know
> they are trying.
>
> If I don't know they are trying, they WILL get in.

Well, by listening on more ports, you're just making yourself a more
appealing target. As such, I don't think you're really increasing your
security. It's attacks on the services that you're running which matter.

As for the concept of an automated attack-attempt tracking system, it
seems like a good idea. Maybe I'll look more at how it's done when I have
some free time.

Mike "Silby" Silbersack