On Wed, 16 Aug 2006 11:34:25 -0400, "Amadeus W. M." <amadeus84@xxxxxxxxxxxxxx> opined: > On Wed, 16 Aug 2006 04:25:38 -0600, Ashley M. Kirchner wrote: > > > The answer to your question is portsentry. It runs in the > background, monitoring a list of ports for incoming connections. If > an attacker hits a port so many times in a short amount of time, > portsentry bans the offending machine, by introducing the > appropriate rule in iptables. Of course, the list of ports, and the > threshold for the number of hits are configurable. > > That said, cool as it may sound, portsentry has a major drawback > which made me and many others prefer a non-dynamic approach to > security. Portsentry can be used to produce a denial of service > attack. Suppose you connect regularly from your work.com machine > to your home.net machine, and malicious.com knows that. Then > malicious.com can send packets to home.net pretending to originate > from work.com. Then for all it knows, portsentry running on your > home.com will cut off acces to work.com. Sounds complicated, but > it's trivial to do that, with things like nc or nmap. > Using the swatch (perl) to execute a script is far more flexible and controllable (IMO). -- Do NOT Send Email to <spam trap> Fedora@TQMcube,com Our DNSRBL - Eliminate Spam at The Source: http://www.TQMcube.com Don't Subsidize Criminals: http://boulderpledge.org -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list