Date:      Fri, 15 Mar 2002 16:26:29 -0800
From:      Kris Kennaway <kris@obsecurity.org>
To:        Jesper Wallin <z3l3zt@phucking.kicks-ass.org>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Is PortSentry really safe to use?
Message-ID:  <20020315162629.D84361@xor.obsecurity.org>
In-Reply-To: <2332.213.112.58.232.1016226432.squirrel@phucking.kicks-ass.org>; from z3l3zt@phucking.kicks-ass.org on Fri, Mar 15, 2002 at 10:07:12PM +0100
References:  <2332.213.112.58.232.1016226432.squirrel@phucking.kicks-ass.org>


On Fri, Mar 15, 2002 at 10:07:12PM +0100, Jesper Wallin wrote:
> Hey..
>
> Let's say I want to hide all my services by changing the standard ports on
> all servers and run PortSentry.. I used to run my system like that before but
> yesterday a friend of mine was talking about a little security issue..
>
> Let's say we run a system like that on www.blah.com, what happens if I run a
> traceroute on it and fake a portscan from his default gateway? Sure he can
> add the default gateway to the portsentry.ignore file but then I just take
> the box before that and the one before that and the... and so on..
>
> Isn't PortSentry more like a problem than a help then? I'm not sure if all
> of this works but I know it's possible to fake portscans with software like
> "rain" and other "custom packets" programs.

Yes, it's dangerous and you need to be absolutely sure you know what
you're doing (e.g. what can be spoofed and what cannot) before you
start configuring active responses to traffic.

Kris
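
The distinction drawn in the reply above (what can be spoofed and what cannot), as an added example that is not part of the original message and is not PortSentry code: a gate that decides whether a detection event may trigger an automatic block. The event format, the evidence labels and the protected addresses are assumptions made for illustration, and the sample events are constructed.

```python
import ipaddress

# Assumed protected addresses (RFC 5737 documentation ranges, constructed).
# Blocking any of these would cut the host off from its own network path.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "192.0.2.1/32",     # default gateway
    "192.0.2.53/32",    # DNS resolver
    "198.51.100.0/24",  # administrators' network
)]

# Hypothetical evidence labels. A single packet (SYN, FIN, UDP) can carry any
# source address the sender chooses, so it proves nothing about who sent it.
SPOOFABLE = {"syn_only", "fin_scan", "udp_probe"}
# A completed three-way handshake means the peer received our SYN/ACK.
# Assumption: initial sequence numbers are unpredictable to an off-path sender.
NOT_SPOOFABLE = {"tcp_established"}


def decide(event):
    """Return (action, reason) for one detection event."""
    src = ipaddress.ip_address(event["src"])
    if any(src in net for net in NEVER_BLOCK):
        return ("log", "protected address")
    if event["evidence"] in SPOOFABLE:
        return ("log", "source address may be forged")
    if event["evidence"] in NOT_SPOOFABLE:
        return ("block", "handshake completed from this address")
    return ("log", "unknown evidence type")


def run(events):
    """Apply decide() to every event, keeping the source for the audit log."""
    return [(e["src"], *decide(e)) for e in events]


# Constructed sample events, including a forged scan "from" the gateway.
EVENTS = [
    {"src": "192.0.2.1", "evidence": "syn_only"},
    {"src": "203.0.113.7", "evidence": "udp_probe"},
    {"src": "203.0.113.9", "evidence": "tcp_established"},
    {"src": "198.51.100.20", "evidence": "tcp_established"},
]

if __name__ == "__main__":
    for src, action, reason in run(EVENTS):
        print(f"{src:15} {action:5} {reason}")
```

Only the third event leads to a block; the forged scan attributed to the gateway is logged and nothing else happens.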
