Date: Fri, 15 Mar 2002 22:07:12 +0100 (CET) From: "Jesper Wallin" <z3l3zt@phucking.kicks-ass.org> To: <freebsd-security@freebsd.org> Cc: <freebsd-security@freebsd.org> Subject: Is PortSentry really safe to use? Message-ID: <2332.213.112.58.232.1016226432.squirrel@phucking.kicks-ass.org>
next in thread | raw e-mail | index | archive | help
Hey.. Lets say I want to hide all my services by changing the standard ports on all server and run PortSentry.. I used to run my system like that before but yesterday a friend of mine was talking about a little security issue.. Lets say we run a system like that on www.blah.com, what happens if I run a traceroute on it and fake a portscan from his default gateway? Sure he can add the default gateway to the portsentry.ignore file but then I just take the box before that and the one before that and the... and so on.. Isn't PortSentry more like a problem then a help then? I'm not sure if all fo this work but I know it's possible to fake portscans with softwares like "rain" and other "custom packets" programs. Jesper Wallin (aka Z3l3zT) "it's better to be a lame hacker than a hacked lamer" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2332.213.112.58.232.1016226432.squirrel>