Re: Connection attempts (& active ids)
From: Mike Silbersack (silby@silby.com)
Date: 04/27/01
- Next message: Laurence Berland: "Re: defaced websites and the like"
- Previous message: Cy Schubert - ITSD Open Systems Group: "Security advisory: krb5 ftpd buffer overflows (fwd)"
- In reply to: Michael Scheidell: "Re: Connection attempts (& active ids)"
- Next in thread: Michael Scheidell: "Re: Connection attempts (& active ids)"
- Reply: Michael Scheidell: "Re: Connection attempts (& active ids)"
Date: Thu, 26 Apr 2001 21:54:56 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: Michael Scheidell <scheidell@fdma.com>

On Wed, 25 Apr 2001, Michael Scheidell wrote:
> > On Wed, 25 Apr 2001, David Goddard wrote:
> >
> > > Simply by being sat there listening to port 111, portsentry blocks
> > > several probably compromised systems a day from talking to my servers.
> > > Why should I not use it as a part of my security strategy?
> >
> > Soooooo... if you weren't running portsentry, wouldn't they be talking to
> > a closed port, and hence leave you alone as well?
>
> Sooooooo... if I lock all my doors and windows, and they don't get it, I
> should be happy, right?
>
> The problem is, if I don't keep an eye on what is going on, I don't know
> they are trying.
>
> If I don't know they are trying, they WILL get in.

Well, by listening on more ports, you're just making yourself a more
appealing target. As such, I don't think you're really increasing your
security. It's attacks on the services that you're running which matter.

As for the concept of an automated attack-attempt tracking system, it
seems like a good idea. Maybe I'll look more at how it's done when I have
some free time.

Mike "Silby" Silbersack