Does Portsentry make sense if there is a packet filter?
From: Manuel Kiessling (manuel_at_kiessling.net)
Date: 06/19/04
Date: Sat, 19 Jun 2004 15:04:14 +0200
Hello,
I've just set up some new (Debian 3.0 GNU/Linux) servers, and did so as
I always do, but this time I thought maybe adding Portsentry is not a
bad idea.
The thing is: On these machines I also have, like always, installed some
iptables rules, in order to only present those ports to the outside that
should be publicly accessible.
E.g. on one server, which is meant to serve web pages, I opened only
port 80 to the outside, things like SSH are only allowed from my
office's IP, everything else is DROPed.
Well, my question is, does Portsentry make sense at all in this case?
Because it binds to all those ports and waits for scans, which is great,
but due to my packet filter, there will never be a packet that reaches
those ports.
Wouldn't the Right Thing to do be enabling logging via iptables?
Thanks in advance,
-- Manuel Kiessling
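
The iptables-logging alternative raised in the question, sketched as an added example that is not part of the original message: a small parser that reads packets logged by the packet filter and reports sources that probed several distinct filtered ports, which is the detection Portsentry would otherwise do by binding to them. The log prefix, host name, addresses and the threshold of three ports are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample kernel log lines in the format the iptables LOG target
# writes. The "IPT-DROP: " prefix is an assumption; it would come from a rule
# such as:  iptables -A INPUT -j LOG --log-prefix "IPT-DROP: "
# placed directly before the final DROP rule.
SAMPLE_LOG = """\
Jun 19 15:04:14 web1 kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40211 DPT=21 SYN
Jun 19 15:04:14 web1 kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40212 DPT=23 SYN
Jun 19 15:04:15 web1 kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40213 DPT=25 SYN
Jun 19 15:04:15 web1 kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40214 DPT=3306 SYN
Jun 19 15:04:16 web1 kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
Jun 19 15:09:40 web1 kernel: IPT-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22 SYN
Jun 19 15:09:43 web1 kernel: IPT-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22 SYN
Jun 19 15:10:02 web1 sshd[812]: Accepted publickey for admin from 192.0.2.50 port 40022
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs of the LOG target

def parse_line(line, prefix="IPT-DROP: "):
    """Return (src, proto, dport) for a logged drop, or None for other lines."""
    if prefix not in line:
        return None
    fields = dict(FIELD.findall(line.split(prefix, 1)[1]))
    if "SRC" not in fields or not fields.get("DPT", "").isdigit():
        return None  # e.g. ICMP entries carry no destination port
    return fields["SRC"], fields.get("PROTO", "?"), int(fields["DPT"])

def find_scanners(log_text, min_ports=3):
    """Map each source that hit >= min_ports distinct filtered ports to them."""
    probed = defaultdict(set)
    for line in log_text.splitlines():
        hit = parse_line(line)
        if hit:
            src, proto, dport = hit
            probed[src].add((proto, dport))  # retries of one port count once
    return {s: sorted(p) for s, p in probed.items() if len(p) >= min_ports}

if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_LOG).items():
        print(src, "probed", ports)
```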