RE: [vox-tech] Running PortSentry
I'm running in advanced stealth super secret squirrel scan detection mode.
Well, I made up the super secret squirrel part but the rest is right. After
tweaking the hosts.allow/deny and the portsentry.ignore files, I was even
able to access my server again. Yes, it works wonderfully when you have it
configured correctly. Actually it works just as I told it to. I was not able
to telnet to it (or anything else after the first attempt of telnetting).
This is a real bummer when you are working on a headless system.

Jessica, please elaborate if you would. This is an area (net security) that
fascinates me, however I never have the time (well I never make the time) to
dive into it very much. I know the basics (ports use, firewalling, routing,
etc.) but what do you mean about "analyzing raw sockets" v. "binding to the
socket"?
-Doug
-----Original Message-----
This mode analyzes the raw socket rather than binding to the
socket (in essence opening the port, which is how classic mode
works and is one of the main gripes I had with portsentry when I
tried it) and monitors all ports not already in use, so you don't have to
try to guess which ports the attackers are going to hit.
OTOH, if you only want to watch a few specific ports, Enhanced Stealth
Scan Detection mode would probably work equally well.
Classic mode seems awkward for several reasons which I can go into if you
want, and I can't see any particular reason to use it.
jessica
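
The distinction asked about above, as an added sketch that is not part of the original thread and is not PortSentry's code: the first function binds and listens (so the port answers as open), the second only inspects TCP headers of the kind a raw socket delivers. The function names, port numbers and sample segments are constructed assumptions.

```python
import socket
import struct

SYN, ACK = 0x02, 0x10

def classic_mode_port_looks_open():
    """Bind-style monitoring: listening on the port makes a connect() succeed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # constructed: ephemeral loopback port
    listener.listen(1)
    port = listener.getsockname()[1]
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.settimeout(2)
    try:
        return probe.connect_ex(("127.0.0.1", port)) == 0
    finally:
        probe.close()
        listener.close()

def tcp_segment(src_port, dst_port, flags):
    """Build a constructed 20-byte TCP header (no options, checksum left at 0)."""
    return struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, flags, 1024, 0, 0)

def flag_probes(segments, ports_in_use):
    """Raw-socket-style monitoring: read headers only, nothing is bound or opened.
    Reports connection requests (SYN without ACK) to ports no service is using."""
    hits = []
    for seg in segments:
        if len(seg) < 20:
            continue                          # truncated header, skip it
        src, dst, _seq, _ack, _off, flags = struct.unpack("!HHIIBB", seg[:14])
        if flags & SYN and not flags & ACK and dst not in ports_in_use:
            hits.append((src, dst))
    return hits

# Constructed sample traffic; ports 22 and 80 stand in for real services.
SAMPLE = [
    tcp_segment(40000, 22, SYN),              # request to a real service: ignored
    tcp_segment(40001, 23, SYN),              # request to an unused port: flagged
    tcp_segment(40002, 23, SYN | ACK),        # not a connection request: ignored
    tcp_segment(40003, 111, SYN),             # request to an unused port: flagged
    b"\x00\x01",                              # truncated segment: skipped
]

if __name__ == "__main__":
    print("bound port answers as open:", classic_mode_port_looks_open())
    print("flagged (src, dst):", flag_probes(SAMPLE, {22, 80}))
```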