Michael Leone on Tue, 6 Mar 2001 21:42:37 -0500
On 06 Mar 2001 16:50:18 -0500, gabriel rosenkoetter wrote:
> On Tue, Mar 06, 2001 at 04:34:26PM -0500, MaD dUCK wrote:
> > ooooooh. nice. is this black-holing permanent or only for like 3 hours
> > or configurable or what?
>
> The last, if memory serves.
>
> I think it's a Grade A1 Bad Idea in all cases; I'd rather not have
> an interested party know I know about them till I can turn it around
> on them by way of complete logs, a system they couldn't crack
> anyhow, and a carefully placed phone call to their upstream
> provider.

Well, portsentry can issue an IPCHAINS DENY (rather than a REJECT), so
you'd get the same response as you would get if the host you're scanning
went down.

>
> But I'm a haughty asshole.

I can only go by what you say. <G>

> Seriously, blackholing is useful neither as a security measure (for
> all but the most lazy attackers; those who really want in will still
> get there), nor as an intrusion detection system (as it actually
> HIDES information about your attacker from you),

Well, it's meant to STOP an intrusion. And it lists that fact in the
logs - the type of scan, port scanned, scanning IP, and the fact that
the route to that IP has been dropped.

--
------------------------------------------------------------------
Michael J. Leone                 Registered Linux user #201348
<mailto:turgon@mike-leone.com>   ICQ: 50453890
PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF

You've got your glory, you've paid for it all
You take your pension in loneliness and alcohol
    Billy Squier, "Everybody wants you"

______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug