From: "Jesper Wallin"
Date: Fri, 15 Mar 2002 22:07:12 +0100 (CET)
Subject: Is PortSentry really safe to use?
Delivered-To: freebsd-security@freebsd.org
Message-ID: <2332.213.112.58.232.1016226432.squirrel@phucking.kicks-ass.org>

Hey..

Let's say I want to hide all my services by changing the standard ports on all servers and run PortSentry.. I used to run my system like that before, but yesterday a friend of mine was talking about a little security issue..

Let's say we run a system like that on www.blah.com: what happens if I run a traceroute on it and fake a portscan from his default gateway? Sure, he can add the default gateway to the portsentry.ignore file, but then I just take the box before that and the one before that and the... and so on.. Isn't PortSentry more like a problem than a help then?

I'm not sure if all of this works, but I know it's possible to fake portscans with software like "rain" and other "custom packets" programs.

Jesper Wallin (aka Z3l3zT)
"it's better to be a lame hacker than a hacked lamer"