Re: (no subject)

From: Kris Kennaway (kris@obsecurity.org)
Date: 01/28/01

Next message: FBSDSecure@aol.com: "Re: (no subject)"
Previous message: FBSDSecure@aol.com: "(no subject)"
In reply to: FBSDSecure@aol.com: "(no subject)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 27 Jan 2001 21:52:10 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: FBSDSecure@aol.com

On Sun, Jan 28, 2001 at 12:42:39AM -0500, FBSDSecure@aol.com wrote:

> To prevent portscanning, there is a package in the ports collection
> called portsentry under both the net and security branches. I an
> currently using it on my firewall computer and when it detects that
> someone is portscanning your computer, you can 'ban' the attacker's
> IP address using ipfw and email you automatically.

Be very careful using automated responses like automatically
blackholing someone. Port scans can trivially be spoofed (most port
scanners like nmap include a command-line option to do this), and all
an attacker need to do is spoof a scan coming from your ISP's servers
and it will effectively cut you off of the network.

IMO, there's no problem with portscans if you run a tightly configured
firewall and don't allow in traffic except to services you trust the
world to be able to connect to.

Kris

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

application/pgp-signature attachment: stored

Next message: FBSDSecure@aol.com: "Re: (no subject)"
Previous message: FBSDSecure@aol.com: "(no subject)"
In reply to: FBSDSecure@aol.com: "(no subject)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Yet another thread on the legality of port scanning
... valid reasons to do portscanning in a limited fashion. ... Port scans just aren't specifically attacks. ... legitimate reason to port scan a system. ... What I have a problem with is people hacking ...
(Security-Basics)
re: Squid Proxy
... > The default port of Squid is 3128. ... Its interesting to put your firewall to ... > The portscanning is the first action to a possible attack... ... I'v been noticeing in my snort logs a lot of Squid Proxy ...
(Security-Basics)
Re: ABCNews backscan attack
... I don't consider portscanning from anyone ... || Portscanning]> is counting how many windows and doors there in my ... || you get a web page without scanning and finding port 80 open. ...
(comp.security.misc)
RE: Kernel message
... It can block them via tcpwrappers, or even add a route for them using ... Somebody was portscanning you - running a simple program that connects ... port, not open) messages, and it had a max value of 30 of those per second. ... with "unsubscribe freebsd-security" in the body of the message ...
(FreeBSD-Security)
(no subject)
... I'm not sure logging all denied packets is a good ... > idea, though, especially if you expect - or even deem it possible - that ... To prevent portscanning, there is a package in the ports collection called ... on my firewall computer and when it detects that someone is portscanning your ...
(FreeBSD-Security)