Re: (no subject)

From: Kris Kennaway (kris@obsecurity.org)
Date: 01/28/01


Date: Sat, 27 Jan 2001 21:52:10 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: FBSDSecure@aol.com


On Sun, Jan 28, 2001 at 12:42:39AM -0500, FBSDSecure@aol.com wrote:

> To prevent portscanning, there is a package in the ports collection
> called portsentry under both the net and security branches. I an
> currently using it on my firewall computer and when it detects that
> someone is portscanning your computer, you can 'ban' the attacker's
> IP address using ipfw and email you automatically.

Be very careful using automated responses like automatically
blackholing someone. Port scans can trivially be spoofed (most port
scanners like nmap include a command-line option to do this), and all
an attacker need to do is spoof a scan coming from your ISP's servers
and it will effectively cut you off of the network.

IMO, there's no problem with portscans if you run a tightly configured
firewall and don't allow in traffic except to services you trust the
world to be able to connect to.

Kris



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Relevant Pages

  • Re: Yet another thread on the legality of port scanning
    ... valid reasons to do portscanning in a limited fashion. ... Port scans just aren't specifically attacks. ... legitimate reason to port scan a system. ... What I have a problem with is people hacking ...
    (Security-Basics)
  • re: Squid Proxy
    ... > The default port of Squid is 3128. ... Its interesting to put your firewall to ... > The portscanning is the first action to a possible attack... ... I'v been noticeing in my snort logs a lot of Squid Proxy ...
    (Security-Basics)
  • Re: ABCNews backscan attack
    ... I don't consider portscanning from anyone ... || Portscanning]> is counting how many windows and doors there in my ... || you get a web page without scanning and finding port 80 open. ...
    (comp.security.misc)
  • RE: Kernel message
    ... It can block them via tcpwrappers, or even add a route for them using ... Somebody was portscanning you - running a simple program that connects ... port, not open) messages, and it had a max value of 30 of those per second. ... with "unsubscribe freebsd-security" in the body of the message ...
    (FreeBSD-Security)
  • (no subject)
    ... I'm not sure logging all denied packets is a good ... > idea, though, especially if you expect - or even deem it possible - that ... To prevent portscanning, there is a package in the ports collection called ... on my firewall computer and when it detects that someone is portscanning your ...
    (FreeBSD-Security)