From: Kris Kennaway
Date: Sat, 27 Jan 2001 21:52:10 -0800
To: FBSDSecure@aol.com
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: (no subject)
Message-ID: <20010127215210.A26962@xor.obsecurity.org>

On Sun, Jan 28, 2001 at 12:42:39AM -0500, FBSDSecure@aol.com wrote:

> To prevent portscanning, there is a package in the ports collection
> called portsentry under both the net and security branches. I am
> currently using it on my firewall computer and when it detects that
> someone is portscanning your computer, you can 'ban' the attacker's
> IP address using ipfw and email you automatically.

Be very careful using automated responses like automatically
blackholing someone. Port scans can trivially be spoofed (most port
scanners like nmap include a command-line option to do this), and all
an attacker needs to do is spoof a scan coming from your ISP's servers
and it will effectively cut you off of the network.

IMO, there's no problem with portscans if you run a tightly configured
firewall and don't allow in traffic except to services you trust the
world to be able to connect to.

Kris
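
The failure mode described in the message above, as an added example that is not part of the original message and is not portsentry's code: a threshold-based auto-ban run over constructed scan alerts, first without and then with a never-block list. The addresses (documentation ranges), the threshold, the function names and the ipfw rule numbers are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample: networks this host cannot afford to lose contact with.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "192.0.2.0/28",     # hypothetical ISP resolvers and mail relays
    "198.51.100.1/32",  # hypothetical default gateway
    "127.0.0.0/8",
)]

# Constructed alerts: (claimed source address, destination port probed).
ALERTS = [
    ("203.0.113.45", 23), ("203.0.113.45", 111), ("203.0.113.45", 143),
    ("192.0.2.3", 23), ("192.0.2.3", 111), ("192.0.2.3", 143),  # claims to be an ISP resolver
    ("203.0.113.99", 80),                                       # one probe, below threshold
]

def naive_bans(alerts, threshold=3):
    """Ban every claimed source seen on at least `threshold` distinct ports."""
    ports = {}
    for src, port in alerts:
        ports.setdefault(src, set()).add(port)
    return sorted(src for src, seen in ports.items() if len(seen) >= threshold)

def guarded_bans(alerts, never_block=NEVER_BLOCK, threshold=3):
    """Return (ban, review): protected sources are held for a human, never blocked."""
    ban, review = [], []
    for src in naive_bans(alerts, threshold):
        addr = ipaddress.ip_address(src)
        protected = any(addr in net for net in never_block)
        (review if protected else ban).append(src)
    return ban, review

def ipfw_rules(bans, first_rule=1000):
    """Render deny rules for the vetted list only (rule numbering is an assumption)."""
    return [f"ipfw add {first_rule + i} deny ip from {src} to any"
            for i, src in enumerate(bans)]

if __name__ == "__main__":
    print("naive  :", naive_bans(ALERTS))  # includes the ISP resolver
    ban, review = guarded_bans(ALERTS)
    print("ban    :", ban)
    print("review :", review)
    print("\n".join(ipfw_rules(ban)))
```

The never-block list only limits the self-inflicted outage; the source address in a scan alert is still unauthenticated, so any ban issued this way can land on a host that never sent a packet.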