Hi folks.

Now that I have portsentry working with shorewall, I'm not sure if I want to use it (portsentry that is).
Here is why.. I will be running a website on port 80, granted portsentry does a great job in protecting against portscans but let's say I wanted to flood my website or something. Could I not do a portscan, find out what ports are open and flood port 80 via a proxy (or an ip that is not blocked from portsentry)?

I guess my question is, am I more secure to run portsentry seeing that I have port 80 and 110 open?

Thanks all. :o)

> Hi folks.
>
> Now that I have portsentry working with shorewall, I'm not sure if I want to
> use it (portsentry that is).
> Here is why.. I will be running a website on port 80, granted portsentry
> does a great job in protecting against portscans but let's say I wanted to
> flood my website or something. Could I not do a portscan, find out what
> ports are open and flood port 80 via a proxy (or an ip that is not blocked
> from portsentry)?
>
> I guess my question is, am I more secure to run portsentry seeing that I
> have port 80 and 110 open?
>

Security is a matter of tradeoffs. Portsentry and similar with an auto-blocking rule is a great way to allow a talented bad guy to shut you down or play with your head (say if they spoof source addresses of places you like to go, such as your ISP's gateway). It's also a good way to shut down script kiddies quickly and without manual intervention though, so you've got to decide if the convenience of one is worth the risk of another.

I wouldn't open POP up to the Internet though, you might want to watch a transaction with a packet sniffer such as Ethereal. Check out http://www.stunnel.org for a better way.

--
Jack At Monkeynoodle.Org: It's A Scientific Venture...
"Every gun that is made, every warship launched, every rocket fired, signifies in the final sense a theft from those who hunger and are not fed, those who are cold and are not clothed." -- President Dwight D. Eisenhower, April 16, 1953

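Added example, not part of the original thread and not portsentry or shorewall code: a small model of the tradeoff described in the reply above, showing two safeguards that limit what a forged source address can make an auto-blocker do (a never-block list and expiring blocks). The class name, threshold, TTL and the documentation-range addresses are all assumptions made for illustration.

```python
import ipaddress


class AutoBlocker:
    """Toy scan-triggered auto-blocker with a never-block list and expiring blocks."""

    def __init__(self, never_block, threshold=3, block_ttl=3600):
        self.never_block = [ipaddress.ip_network(n) for n in never_block]
        self.threshold = threshold    # distinct trap ports probed before blocking
        self.block_ttl = block_ttl    # seconds until a block expires on its own
        self.hits = {}                # source -> set of trap ports probed
        self.blocked = {}             # source -> expiry timestamp

    def is_protected(self, src):
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in self.never_block)

    def observe(self, ts, src, port):
        """Record one probe of a trap port and return the action taken."""
        if self.is_protected(src):
            return "ignored"          # losing this peer would hurt more than the scan
        ports = self.hits.setdefault(src, set())
        ports.add(port)
        if len(ports) >= self.threshold:
            self.blocked[src] = ts + self.block_ttl
            return "blocked"
        return "counted"

    def is_blocked(self, ts, src):
        expiry = self.blocked.get(src)
        return expiry is not None and ts < expiry


# Constructed events: (timestamp, source address, trap port probed).
EVENTS = [
    (0, "192.0.2.1", 1), (1, "192.0.2.1", 79), (2, "192.0.2.1", 111),  # forged as the gateway
    (3, "203.0.113.50", 1), (4, "203.0.113.50", 79), (5, "203.0.113.50", 111),
    (6, "198.51.100.7", 23),                                           # single stray probe
]


def replay(events):
    # Assumed critical peers: upstream gateway and resolver (placeholder addresses).
    blocker = AutoBlocker(never_block=["192.0.2.1/32", "192.0.2.53/32"])
    actions = [blocker.observe(ts, src, port) for ts, src, port in events]
    return blocker, actions


if __name__ == "__main__":
    blocker, actions = replay(EVENTS)
    for event, action in zip(EVENTS, actions):
        print(event, action)
```
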
thank you for the feedback, I'm looking into stunnel.

>From: "Jack Coates" <jack@monkeynoodle.org>
>Reply-To: Mailing List for Shorewall Users <shorewall-users@lists.shorewall.net>
>To: "Mailing List for Shorewall Users" <shorewall-users@lists.shorewall.net>
>Subject: Re: [Shorewall-users] Should I use portsentry?
>Date: Tue, 6 Jul 2004 12:46:04 -0700 (PDT)
>
> > Hi folks.
> >
> > Now that I have portsentry working with shorewall, I'm not sure if I want to
> > use it (portsentry that is).
> > Here is why.. I will be running a website on port 80, granted portsentry
> > does a great job in protecting against portscans but let's say I wanted to
> > flood my website or something. Could I not do a portscan, find out what
> > ports are open and flood port 80 via a proxy (or an ip that is not blocked
> > from portsentry)?
> >
> > I guess my question is, am I more secure to run portsentry seeing that I
> > have port 80 and 110 open?
> >
>
>security is a matter of tradeoffs. Portsentry and similar with an
>auto-blocking rule is a great way to allow a talented bad guy to shut you
>down or play with your head (say if they spoof source addresses of places
>you like to go, such as your ISP's gateway). It's also a good way to shut
>down script kiddies quickly and without manual intervention though, so
>you've got to decide if the convenience of one is worth the risk of
>another.
>
>I wouldn't open POP up to the Internet though, you might want to watch a
>transaction with a packet sniffer such as Ethereal. Check out
>http://www.stunnel.org for a better way.
>--
>Jack At Monkeynoodle.Org: It's A Scientific Venture...
>"Every gun that is made, every warship launched, every rocket fired,
>signifies in the final sense a theft from those who hunger and are not
>fed, those who are cold and are not clothed." -- President Dwight D.
>Eisenhower, April 16, 1953

And look into a more standard way of quoting too!!!

On 7 Jul 2004 at 15:59, Nick . wrote:
> thank you for the feedback, I'm looking into stunnel.

--
______________________________________
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/
(907) 790-3386
_______________________________________
John S. Andersen
NORCOM
mailto:JAndersen@norcomsoftware.com
Juneau, Alaska
http://www.screenio.com/

John S. Andersen wrote:
> And look into a more standard way of quoting too!!!
>

Looks like he's using Hotmail -- I suspect that it is the Mailman HTML->text translator that isn't handling the HTML ">" representation.

-Tom
--
Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA \ teastep@shorewall.net

On 7 Jul 2004 at 16:04, Tom Eastep wrote:
> John S. Andersen wrote:
>
> > And look into a more standard way of quoting too!!!
> >
>
> Looks like he's using Hotmail -- I suspect that it is the Mailman
> HTML->text translator that isn't handling the HTML ">"
> representation.

I suspect so. It's my turn to apologize for being blunt.

--
______________________________________
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/
(907) 790-3386