Page last updated:
2001 Dec 30 16:58

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

RE: [vox-tech] Running PortSentry



I'm running in advanced stealth super secret squirrel scan detection mode.
Well, I made up the super secret squirrel part, but the rest is right. After
tweaking the hosts.allow/deny and the portsentry.ignore files, I was even
able to access my server again. Yes, it works wonderfully when you have it
configured correctly. Actually it works just as I told it to. I was not able
to telnet to it (or anything else after the first attempt of telnetting).
This is a real bummer when you are working on a headless system.

Jessica, please elaborate if you would. This is an area (net security) that
fascinates me, however I never have the time (well, I never make the time) to
dive into it very much. I know the basics (ports use, firewalling, routing,
etc.) but what do you mean about "analyzing raw sockets" v. "binding to the
socket"?

-Doug

-----Original Message-----
This mode analyzes the raw socket rather than binding to the
socket (in essence opening the port, which is how classic mode
works and is one of the main gripes I had with portsentry when I
tried it) and monitors all ports not already in use, so you don't have to
try to guess which ports the attackers are going to hit.

OTOH, if you only want to watch a few specific ports, Enhanced Stealth
Scan Detection mode would probably work equally well.

Classic mode seems awkward for several reasons which I can go into if you
want, and I can't see any particular reason to use it.

jessica
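
The raw-socket approach described in the quoted message can be sketched as follows. This is an added example, not part of the original thread and not PortSentry's code: it classifies IPv4/TCP packets in the form a raw socket would deliver them, without ever binding the monitored port. The `in_use` list, the verdict names, and the flag patterns treated as probes are assumptions, and the sample packets are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { IGNORE = 0, PROBE_SYN, PROBE_FIN, PROBE_NULL, PROBE_XMAS };

/* Assumed list of ports that have a real listener; traffic to these is normal. */
static const uint16_t in_use[] = { 22, 80 };

static int port_in_use(uint16_t port) {
    for (size_t i = 0; i < sizeof in_use / sizeof in_use[0]; i++)
        if (in_use[i] == port) return 1;
    return 0;
}

/* Classify one packet as read from a raw TCP socket (IP header + TCP header).
 * Nothing is bound: the watched port stays closed, so a scanner never sees
 * it as open, and every port without a listener is covered. */
enum verdict classify(const uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4) return IGNORE;            /* not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;                     /* IP header bytes */
    if (ihl < 20 || pkt[9] != 6 || len < ihl + 20) return IGNORE; /* not TCP or truncated */
    if (((pkt[6] & 0x1f) << 8 | pkt[7]) != 0) return IGNORE;      /* later fragment: no TCP header */
    const uint8_t *tcp = pkt + ihl;
    uint16_t dport = (uint16_t)(tcp[2] << 8 | tcp[3]);
    if (port_in_use(dport)) return IGNORE;
    switch (tcp[13] & 0x3f) {                 /* URG ACK PSH RST SYN FIN */
    case 0x02: return PROBE_SYN;              /* bare SYN (connect or half-open) */
    case 0x01: return PROBE_FIN;              /* bare FIN */
    case 0x00: return PROBE_NULL;             /* no flags set */
    case 0x29: return PROBE_XMAS;             /* FIN|PSH|URG */
    default:   return IGNORE;
    }
}

/* Build a constructed 40-byte sample packet: 20-byte IP + 20-byte TCP header. */
void make_packet(uint8_t out[40], uint16_t dport, uint8_t flags) {
    memset(out, 0, 40);
    out[0] = 0x45; out[9] = 6;                /* IPv4, IHL 5, protocol TCP */
    out[22] = (uint8_t)(dport >> 8); out[23] = (uint8_t)(dport & 0xff);
    out[32] = 0x50; out[33] = flags;          /* data offset 5, TCP flags */
}

int main(void) {
    uint8_t p[40];
    make_packet(p, 23, 0x02); printf("SYN to 23: %d\n", classify(p, sizeof p));
    make_packet(p, 22, 0x02); printf("SYN to 22: %d\n", classify(p, sizeof p));
    return 0;
}
```

A classic-mode monitor would instead call `bind()` and `listen()` on each watched port, which makes those ports appear open and limits coverage to the ports chosen in advance.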


