On Wed, 16 Aug 2006 12:32:24 -0400, "Amadeus W. M." <amadeus84@xxxxxxxxxxxxxx> opined: > On Wed, 16 Aug 2006 12:07:18 -0400, David Cary Hart wrote: > > > I don't care to defend portsentry, but I'll say that portsentry > is highly configurable too. However you configure a dynamic > firewall, I think you can still lock yourself out, if you try. > I don't think the DoS scenario I outline above is portsentry > specific. I'm not familiar with swatch though, so I may be wrong. > After my portsentry days, I completely dropped any dynamic > approach to security. > I am doing dynamic/adaptive firewalling but not through IPTables. Swatch triggers a chrooted bash script that also removes the rule with AT after three hours. The reaction from the swatch daemon is nearly instantaneous. I cannot see any way that this could be used to create a ddos. -- Do NOT Send Email to <spam trap> Fedora@TQMcube,com Our DNSRBL - Eliminate Spam at The Source: http://www.TQMcube.com Don't Subsidize Criminals: http://boulderpledge.org -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list