gabriel rosenkoetter on Thu, 8 Mar 2001 01:53:37 -0500
On Tue, Mar 06, 2001 at 09:46:47PM -0500, Michael Leone wrote:
> Well, portsentry can issue an IPCHAINS DENY (rather than a REJECT), so
> you'd get the same response as you would get if the host you're scanning
> went down.

I guess. I'd still rather do this myself based on my logs. My
turnaround will be slower (more like weekly rather than
instantaneous), but there won't be any false positives, and (though
I'm not maintaining any right now) firewalls I've configured are
usually noisy enough that if they need fairly immediate attention
they can get it. I'll grant that's more effort on the admin's part,
but it's effort I think really does need to be human.

(Computers can be SO much dumber than people, especially with
anything it'd take a Turing machine or more to sort out. And
validity of Internet traffic really is one of those things.)

> On 06 Mar 2001 16:50:18 -0500, gabriel rosenkoetter wrote:
> > But I'm a haughty asshole.
> I can only go by what you say.
>
> <G>

Heh. Now and previously. ;^>

> Well, it's meant to STOP an intrusion. And it lists that fact in the
> logs - the type of scan, port scanned, scanning IP, and the fact that
> the route to that IP has been dropped.

I guess, but I think it's overreactive. If I were going to have
something block a port, I'd want it to wait till something bad
actually tried to come in. Granted the heuristic for "something bad"
is really complicated and always changing... but that's part of the
reason I don't want anything automated closing new ports on my
firewall. It, like most Microsoft software, ends up trying to be too
smart for its (and my) own good. At least, in my experience.

I'm also coming from the stance that I'm basically okay with a port
scan. I mean, plenty of people walk past my front door; some might
even try the doorknob (hey, maybe they were actually looking for my
neighbor, but got the wrong apartment number). Doesn't bother me
till they come in and start eying my stereo.

And that's what the baseball bat's for. ;^>

~ g r @ eclipsed.net

______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug