Date: Fri, 15 Mar 2002 21:30:23 +0000
From: Baldur Gislason <baldur@foo.is>
To: "Jesper Wallin" <z3l3zt@phucking.kicks-ass.org>
Cc: freebsd-security@freebsd.org
Subject: Re: Is PortSentry really safe to use?
Message-ID: <02031521302303.03229@germanium>
In-Reply-To: <2332.213.112.58.232.1016226432.squirrel@phucking.kicks-ass.org>
References: <2332.213.112.58.232.1016226432.squirrel@phucking.kicks-ass.org>
That's right, you cannot rely on portsentry in "stealth scan" mode, since SYN
packets are easily spoofable.

Baldur

On Friday 15 March 2002 21:07, you wrote:
> Hey..
>
> Let's say I want to hide all my services by changing the standard ports on
> all servers and run PortSentry.. I used to run my system like that before
> but yesterday a friend of mine was talking about a little security issue..
>
> Let's say we run a system like that on www.blah.com, what happens if I run a
> traceroute on it and fake a portscan from his default gateway? Sure he can
> add the default gateway to the portsentry.ignore file but then I just take
> the box before that and the one before that and the... and so on..
>
> Isn't PortSentry more like a problem than a help then? I'm not sure if all
> of this works but I know it's possible to fake portscans with software like
> "rain" and other "custom packets" programs.
>
>
> Jesper Wallin (aka Z3l3zT)
> "it's better to be a lame hacker than a hacked lamer"
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
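Added example, not part of the original thread and not PortSentry's code: a simplified model of a reactive blocker, showing why acting on lone SYNs lets a forged source address get a gateway blocked while requiring a completed handshake does not. The event format, decoy port list, threshold and function names are assumptions; the addresses are constructed from documentation ranges.

```python
from collections import defaultdict

# Constructed sample events: (source IP, destination port, stage seen by the sensor).
# "syn"         = a lone SYN arrived (source address unverified).
# "established" = the three-way handshake completed, which a blind spoofer
#                 cannot do because it never sees the SYN/ACK.
EVENTS = [
    ("192.0.2.1", 23, "syn"),            # upstream gateway address, forged
    ("192.0.2.1", 111, "syn"),
    ("192.0.2.1", 143, "syn"),
    ("198.51.100.7", 23, "syn"),         # real scanner: handshakes complete
    ("198.51.100.7", 23, "established"),
    ("198.51.100.7", 111, "syn"),
    ("198.51.100.7", 111, "established"),
    ("203.0.113.9", 23, "syn"),          # single stray probe, below threshold
]
MONITORED = {23, 111, 143}   # hypothetical decoy ports
THRESHOLD = 2                # distinct decoy ports before a source is blocked


def sources_to_block(events, monitored, ignore=(), require_handshake=True,
                     threshold=THRESHOLD):
    """Return the set of source IPs a reactive blocker would block."""
    wanted = "established" if require_handshake else "syn"
    ports_hit = defaultdict(set)
    for src, dport, stage in events:
        if dport in monitored and stage == wanted and src not in ignore:
            ports_hit[src].add(dport)
    return {src for src, ports in ports_hit.items() if len(ports) >= threshold}


def self_inflicted_blocks(events, monitored, critical):
    """Critical hosts that get blocked only when unverified SYNs are trusted."""
    syn_only = sources_to_block(events, monitored, require_handshake=False)
    verified = sources_to_block(events, monitored, require_handshake=True)
    return (syn_only - verified) & set(critical)


if __name__ == "__main__":
    print("SYN-only policy blocks: ",
          sorted(sources_to_block(EVENTS, MONITORED, require_handshake=False)))
    print("Handshake policy blocks:",
          sorted(sources_to_block(EVENTS, MONITORED, require_handshake=True)))
    print("Critical hosts lost:    ",
          sorted(self_inflicted_blocks(EVENTS, MONITORED, {"192.0.2.1"})))
```

The `ignore` parameter models an ignore file: it protects only the addresses listed, so every other hop on the path remains exposed under the SYN-only policy.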