[TriLUG] Security question
Chris Knowles
knowlesc at telocity.com
Mon Aug 13 15:32:00 EDT 2001
I've got a question for all the security-conscious people out there...
If you are running telnet and an unpatched WU-FTPD and need to have CVS
pserver running...
OK, I'm just kidding. :)
I'm in the process of revamping my firewalls to have the latest and greatest,
and I've been playing around with portsentry. However, I don't think that an
IPCHAINS or IPTABLES firewall with DENY policies will allow the packet to get
far enough to be detected by portsentry. (at least, portsentry doesn't see a
scan when the policies are turned on, but does when they aren't in effect.)
So, is it better to have a firewall that drops almost everything to the
ground, or one that is open until it detects a scan? My gut says to drop
everything, if they can't get in they can't get in. But, it's kinda neat to
see the attempted scans.
Or do I just not grok the setup of portsentry? (entirely possible, I've only
been playing with it for a few hours.)
Thanks again.