Date: Fri, 27 Apr 2001 19:32:20 +0100
From: David Goddard <goddard@acm.org>
To: Michael Scheidell <scheidell@fdma.com>
Cc: freebsd-security@freebsd.org, silby@silby.com
Subject: Re: Connection attempts (& active ids)
Message-ID: <3AE9BB34.B6C1676B@acm.org>
References: <200104260303.f3Q33CK49974@caerulus.cerintha.com> <Pine.BSF.4.31.0104260238340.8377-100000@achilles.silby.com> <001f01c0cf21$3b25fe70$0503a8c0@fdma.com>

Michael Scheidell wrote:
>
> From: "Mike Silbersack" <silby@silby.com>
> > Well, by listening on more ports, you're just making yourself a more
> > appealing target. As such, I don't think you're really increasing your
> > security. It's attacks on the services that you're running which matter.
> >
>
> who said I was listening on any ports?

Going back a few messages, it was me that said I was listening on additional ports, with portsentry listening to port 111 among others.

I disagree that it makes you a more appealing target - by connecting to those ports, you get blocked and hence it no longer appears that there is anything listening whatsoever. I've had very few repeated connection attempts from machines that have been blackholed by portsentry (although they could always be coming back from another IP).

I still maintain that careful use of portsentry is a good thing, although I'm open to any decent argument to the contrary.

> icmp echo is blocked (ipfw deny)

I did this for a while but felt uncomfortable about it for no reason that I could pin down (but probably because there are people who would have a legitimate reason to ping). I pass but log pings nowadays - I get a surprisingly large number of people pinging me.

Dave

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message