Date:      15 Mar 2002 13:37:00 -0800
From:      Mark Foster <mdf@enic.cc>
To:        Jesper Wallin <z3l3zt@phucking.kicks-ass.org>
Cc:        Baldur Gislason <baldur@foo.is>, freebsd-security@freebsd.org
Subject:   Re: Is PortSentry really safe to use?
Message-ID:  <1016228221.10601.69.camel@smokey.lan.enic.cc>
In-Reply-To: <02031521302303.03229@germanium>
References:  <2332.213.112.58.232.1016226432.squirrel@phucking.kicks-ass.org>  <02031521302303.03229@germanium>

This attack (spoofing) can be circumvented by using ingress filtering on
your router or firewall.

On Fri, 2002-03-15 at 13:30, Baldur Gislason wrote:
> That's right, you cannot rely on portsentry in "stealth scan" mode, since SYN 
> packets are easily spoofable.
> 
> Baldur
> 
> On Friday 15 March 2002 21:07, you wrote:
> > Hey..
> >
> > Let's say I want to hide all my services by changing the standard ports on
> > all servers and run PortSentry.. I used to run my system like that before
> > but yesterday a friend of mine was talking about a little security issue..
> >
> > Let's say we run a system like that on www.blah.com, what happens if I run a
> > traceroute on it and fake a portscan from his default gateway? Sure he can
> > add the default gateway to the portsentry.ignore file but then I just take
> > the box before that and the one before that and the... and so on..
> >
> > Isn't PortSentry more like a problem than a help then? I'm not sure if all
> > of this works but I know it's possible to fake portscans with software like
> > "rain" and other "custom packets" programs.
> >
> >
> > Jesper Wallin (aka Z3l3zT)
> > "it's better to be a lame hacker than a hacked lamer"
> >
> >
> >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> 
-- 
-mdf [Mark D. Foster]                          Phone: 206-381-0449
System Administrator - eNIC Corporation          Fax: 206-329-7107
<mdf@enic.cc> or mergatroid on AIM 
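
The ingress filtering suggested in the reply above, as an added example (not part of the original message and not PortSentry code): SYNs arriving on the external interface with a source inside our own prefix or a non-routable range are dropped before a scan detector can react to them. All addresses, the interface names and the ignore entry are constructed assumptions; a claimed source outside our prefix cannot be validated by this filter and is covered here only by the ignore list.

```python
import ipaddress

# Constructed sample topology (documentation prefixes, not from the thread).
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]   # our own prefix
BOGON_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IGNORE = {ipaddress.ip_address("198.51.100.1")}          # upstream hop, never block


def ingress_permits(iface, src):
    """Border filter: on the external interface, drop packets whose source
    claims to be in our own prefix or in a non-routable range."""
    if iface != "ext":
        return True
    addr = ipaddress.ip_address(src)
    return not any(addr in net for net in INTERNAL_NETS + BOGON_NETS)


def react_to_syns(packets, filtering=True):
    """Return the sources a scan detector would block.
    packets: iterable of (iface, claimed_src) SYNs sent to unused ports."""
    blocked = set()
    for iface, src in packets:
        if filtering and not ingress_permits(iface, src):
            continue                     # dropped at the border, detector never sees it
        addr = ipaddress.ip_address(src)
        if addr not in IGNORE:           # ignore-list entries are never blocked
            blocked.add(str(addr))
    return blocked


# Constructed SYNs: (arrival interface, claimed source address)
SAMPLE = [
    ("ext", "192.0.2.1"),      # forged: claims to be our internal gateway
    ("ext", "10.1.2.3"),       # forged: private source arriving from outside
    ("ext", "198.51.100.1"),   # claims an upstream router outside our prefix
    ("ext", "203.0.113.77"),   # ordinary external scanner
]

if __name__ == "__main__":
    print("no filter  :", sorted(react_to_syns(SAMPLE, filtering=False)))
    print("with filter:", sorted(react_to_syns(SAMPLE, filtering=True)))
```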






