Date: Sat, 27 Jan 2001 21:52:10 -0800 From: Kris Kennaway <kris@obsecurity.org> To: FBSDSecure@aol.com Cc: freebsd-security@FreeBSD.ORG Subject: Re: (no subject) Message-ID: <20010127215210.A26962@xor.obsecurity.org> In-Reply-To: <dc.19146d4.27a50b4f@aol.com>; from FBSDSecure@aol.com on Sun, Jan 28, 2001 at 12:42:39AM -0500 References: <dc.19146d4.27a50b4f@aol.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--3V7upXqbjpZ4EhLz Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Sun, Jan 28, 2001 at 12:42:39AM -0500, FBSDSecure@aol.com wrote: > To prevent portscanning, there is a package in the ports collection > called portsentry under both the net and security branches. I an > currently using it on my firewall computer and when it detects that > someone is portscanning your computer, you can 'ban' the attacker's > IP address using ipfw and email you automatically. Be very careful using automated responses like automatically blackholing someone. Port scans can trivially be spoofed (most port scanners like nmap include a command-line option to do this), and all an attacker need to do is spoof a scan coming from your ISP's servers and it will effectively cut you off of the network. IMO, there's no problem with portscans if you run a tightly configured firewall and don't allow in traffic except to services you trust the world to be able to connect to. Kris --3V7upXqbjpZ4EhLz Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6c7OKWry0BWjoQKURAvIMAKCNjsi7D6Rv9MHVDplAhQYOYxsfsQCg9Q8G 6rthFLxMcHoHVYtVh4UwLrc= =b7s9 -----END PGP SIGNATURE----- --3V7upXqbjpZ4EhLz-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010127215210.A26962>