Date: Mon, 18 Mar 2002 18:34:15 +0000 From: Fergus Cameron <cameron@argus-systems.com> To: freebsd-security@freebsd.org Subject: Re: Is PortSentry really safe to use? Message-ID: <20020318183415.E1000@dedog.argus-systems.co.uk> In-Reply-To: <2332.213.112.58.232.1016226432.squirrel@phucking.kicks-ass.org>; from z3l3zt@phucking.kicks-ass.org on Fri, Mar 15, 2002 at 10:07:12PM %2B0100 References: <2332.213.112.58.232.1016226432.squirrel@phucking.kicks-ass.org>
next in thread | previous in thread | raw e-mail | index | archive | help
surely it wouldn't be possible to spoof an attack 'through' a gateway ?
would the gateway not reject the traffic as invalid ? otherwise it
would pass traffic apparently from itself but recieved on the wrong
interface.
? ?
i realise the principle of the problem still applies - but would this
specific application work ?
On 15.03-22:07, Jesper Wallin wrote:
> Hey..
>
> Lets say I want to hide all my services by changing the standard ports on
> all server and run PortSentry.. I used to run my system like that before but
> yesterday a friend of mine was talking about a little security issue..
>
> Lets say we run a system like that on www.blah.com, what happens if I run a
> traceroute on it and fake a portscan from his default gateway? Sure he can
> add the default gateway to the portsentry.ignore file but then I just take
> the box before that and the one before that and the... and so on..
>
> Isn't PortSentry more like a problem then a help then? I'm not sure if all
> fo this work but I know it's possible to fake portscans with softwares like
> "rain" and other "custom packets" programs.
>
>
> Jesper Wallin (aka Z3l3zT)
> "it's better to be a lame hacker than a hacked lamer"
>
>
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
--
Fergus Cameron Tel: +447779236010
Fax: +447980681864
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020318183415.E1000>