From owner-freebsd-security Mon Mar 18 11:13:51 2002 Delivered-To: freebsd-security@freebsd.org Received: from hawk.dcu.ie (mail.dcu.ie [136.206.1.5]) by hub.freebsd.org (Postfix) with ESMTP id 5FD5E37B400 for ; Mon, 18 Mar 2002 11:13:44 -0800 (PST) Received: from prodigy.redbrick.dcu.ie (136.206.15.10) by hawk.dcu.ie (6.0.040) id 3C8DB81200033100 for freebsd-security@freebsd.org; Mon, 18 Mar 2002 19:13:43 +0000 Received: by prodigy.redbrick.dcu.ie (Postfix, from userid 1023) id 464F7DA3F; Mon, 18 Mar 2002 19:13:43 +0000 (GMT) Date: Mon, 18 Mar 2002 19:13:43 +0000 From: Philip Reynolds To: freebsd-security@freebsd.org Subject: Re: Is PortSentry really safe to use? Message-ID: <20020318191343.B4432@prodigy.Redbrick.DCU.IE> References: <2332.213.112.58.232.1016226432.squirrel@phucking.kicks-ass.org> <20020318183415.E1000@dedog.argus-systems.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020318183415.E1000@dedog.argus-systems.co.uk>; from cameron@argus-systems.com on Mon, Mar 18, 2002 at 06:34:15PM +0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Fergus Cameron's [cameron@argus-systems.com] 43 lines of wisdom included: > surely it wouldn't be possible to spoof an attack 'through' a gateway ? > would the gateway not reject the traffic as invalid ? otherwise it > would pass traffic apparently from itself but recieved on the wrong > interface. > > ? ? > > i realise the principle of the problem still applies - but would this > specific application work ? A good comparison of Port Sentry and Snort is at: http://www.linux.ie/articles/portsentryandsnortcompared.php Phil. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message