Date: Mon, 18 Mar 2002 11:07:58 -0800
From: Jason DiCioccio <geniusj@bluenugget.net>
To: Fergus Cameron <cameron@argus-systems.com>, freebsd-security@freebsd.org
Subject: Re: Is PortSentry really safe to use?
Message-ID: <2929174843.1016449678@[192.168.4.56]>
In-Reply-To: <20020318183415.E1000@dedog.argus-systems.co.uk>
References: <20020318183415.E1000@dedog.argus-systems.co.uk>

It would probably be safe to block based on established TCP connections;
however, I would be wary of UDP, ICMP and non-established TCP sessions.
Sound good? Also, generally I wouldn't think the gateway would help for
inbound spoofed packets, unless they were spoofing something that was
obviously fake like 127.0.0.1, 192.168.*, etc.

Cheers,
-JD-

--On Monday, March 18, 2002 6:34 PM +0000 Fergus Cameron
<cameron@argus-systems.com> wrote:

> surely it wouldn't be possible to spoof an attack 'through' a gateway ?
> would the gateway not reject the traffic as invalid ? otherwise it
> would pass traffic apparently from itself but received on the wrong
> interface.
>
> ? ?
>
> i realise the principle of the problem still applies - but would this
> specific application work ?
>
> On 15.03-22:07, Jesper Wallin wrote:
>> Hey..
>>
>> Let's say I want to hide all my services by changing the standard ports on
>> all servers and run PortSentry.. I used to run my system like that before
>> but yesterday a friend of mine was talking about a little security
>> issue..
>>
>> Let's say we run a system like that on www.blah.com, what happens if I
>> run a traceroute on it and fake a portscan from his default gateway?
>> Sure he can add the default gateway to the portsentry.ignore file but
>> then I just take the box before that and the one before that and the...
>> and so on..
>>
>> Isn't PortSentry more like a problem than a help then? I'm not sure if
>> all of this works but I know it's possible to fake portscans with
>> software like "rain" and other "custom packets" programs.
>>
>>
>> Jesper Wallin (aka Z3l3zT)
>> "it's better to be a lame hacker than a hacked lamer"
>>
>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>> with "unsubscribe freebsd-security" in the body of the message
>
> --
> Fergus Cameron          Tel: +447779236010
>                         Fax: +447980681864
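
The blocking policy suggested in the reply above, sketched as an added example that is not part of the original message and is not PortSentry code: auto-block only when a TCP handshake completed, log everything whose source could be forged, and treat obviously fake sources as a gateway filtering matter. The `Probe` record, the `decide` function, the extra private ranges and all sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Sources that are obviously fake on an Internet-facing interface. The message
# names 127.0.0.1 and 192.168.*; the other private ranges are added here.
BOGONS = [ipaddress.ip_network(n) for n in
          ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass(frozen=True)
class Probe:                 # hypothetical record of one detected probe
    src: str                 # claimed source address
    proto: str               # "tcp", "udp" or "icmp"
    established: bool        # True only if the TCP three-way handshake completed

def decide(probe, ignore=()):
    """Return (action, reason) for one detected probe."""
    addr = ipaddress.ip_address(probe.src)
    if any(addr in net for net in BOGONS):
        return "drop", "bogon source, filter at the gateway"
    if any(addr in ipaddress.ip_network(n) for n in ignore):
        return "log", "source is on the ignore list"
    if probe.proto == "tcp" and probe.established:
        # A completed handshake means the peer received our SYN/ACK,
        # so the claimed source address is very unlikely to be forged.
        return "block", "established TCP, source confirmed by handshake"
    # UDP, ICMP and bare SYNs carry whatever source the sender wrote.
    return "log", "source unverified (%s), may be spoofed" % probe.proto

# Constructed sample events; public addresses are RFC 5737 documentation ranges.
SAMPLE = [
    Probe("203.0.113.7", "tcp", True),
    Probe("198.51.100.1", "tcp", False),   # bare SYN claiming an upstream router
    Probe("198.51.100.1", "udp", False),
    Probe("192.168.0.10", "tcp", False),   # private source seen inbound
    Probe("203.0.113.1", "tcp", True),     # listed in the ignore set below
]

def run(sample=SAMPLE, ignore=("203.0.113.1/32",)):
    """Apply the policy to every sample probe and return the decisions."""
    return [(p.src, p.proto) + decide(p, ignore) for p in sample]

if __name__ == "__main__":
    for row in run():
        print(*row, sep="\t")
```

With this policy a forged scan that claims to come from an upstream router is only logged, so it cannot make the host cut off its own gateway.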
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2929174843.1016449678>