[buug] Convert Linux Gateway to OpenBSD

Ian Zimmerman itz at speakeasy.org
Thu Oct 24 16:29:17 PDT 2002


jan> portsentry, at least on BSDs, simply listen on ports for
jan> scans. since scans are some of the most common traffic you'll
jan> encounter, it's simply wasted overhead. if you default to denying
jan> all traffic, the portsentry program sits there, doing
jan> nothing. it's not particularly intelligent about how it blocks
jan> things either. if it detects a scan - sometimes little more than
jan> a connection to a port that's not open - it flips out.

jan> portsentry simply provides too many false positives, making it
jan> more useless than simply blocking the ports and logging each
jan> connection in the first place.

I agree with this.  I myself stopped running snort on my box
a few days after switching to a DENY firewall policy, when I saw that
all it could tell me about was a couple of harmless ping requests a
day (the harmful ones are blocked) and that it was in fact the greatest hog
among the daemons.

The real stuff is in the kernel log, where the denied packets go.

-- 
Ian Zimmerman, Oakland, California, U.S.A. I did not vote for Emperor Bush.
GPG: 433BA087  9C0F 194F 203A 63F7 B1B8  6E5A 8CA3 27DB 433B A087
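As an added example (not code from this thread or from any of the posters), here is the kind of reading of the kernel log the reply points at: a small script that pulls the denied packets out of kernel log lines and summarises them per source, flagging sources that probe many different ports. It assumes the Linux netfilter LOG target with a log prefix of "DENY" (an assumption, not something the thread states), and the sample log lines are constructed.

```python
"""Summarise firewall-denied packets from kernel log lines.

Assumes the netfilter LOG target writing "DENY KEY=VALUE ..." records
to the kernel log (the "DENY" prefix is assumed). The sample below is
constructed, not captured traffic.
"""
import re
from collections import defaultdict

SAMPLE_KLOG = """\
Oct 24 16:29:17 gw kernel: DENY IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 TTL=52 PROTO=TCP SPT=54321 DPT=22 SYN
Oct 24 16:29:18 gw kernel: DENY IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 TTL=52 PROTO=TCP SPT=54322 DPT=23 SYN
Oct 24 16:29:18 gw kernel: DENY IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 TTL=52 PROTO=TCP SPT=54323 DPT=80 SYN
Oct 24 16:29:19 gw kernel: DENY IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 TTL=52 PROTO=TCP SPT=54324 DPT=443 SYN
Oct 24 16:30:02 gw kernel: DENY IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.5 TTL=64 PROTO=ICMP TYPE=8 CODE=0
Oct 24 16:31:40 gw kernel: DENY IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.5 TTL=64 PROTO=TCP SPT=40000 DPT=22 SYN
Oct 24 16:31:41 gw sshd[123]: Accepted publickey for itz from 192.0.2.10
"""

# syslog timestamp, host, then the netfilter record after the DENY prefix
LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: DENY (?P<rest>.*)$")
# netfilter fields are KEY=VALUE tokens; bare flags like DF or SYN are skipped
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_denied(line):
    """Return the interesting fields of one denied-packet record, or None."""
    m = LINE_RE.match(line)
    if m is None:
        return None  # not a kernel DENY record (other daemons, boot messages...)
    fields = dict(KV_RE.findall(m.group("rest")))
    return {"ts": m.group("ts"), "src": fields.get("SRC"),
            "proto": fields.get("PROTO"), "dpt": fields.get("DPT")}

def summarize(lines, scan_threshold=3):
    """Per source address: packet count, distinct destination ports, and a
    probable-scan flag when at least scan_threshold distinct ports were hit."""
    per_src = defaultdict(lambda: {"packets": 0, "ports": set()})
    for line in lines:
        rec = parse_denied(line)
        if rec is None:
            continue
        entry = per_src[rec["src"]]
        entry["packets"] += 1
        if rec["dpt"] is not None:  # ICMP records carry no DPT
            entry["ports"].add(int(rec["dpt"]))
    return {src: {"packets": e["packets"], "ports": sorted(e["ports"]),
                  "probable_scan": len(e["ports"]) >= scan_threshold}
            for src, e in per_src.items()}

if __name__ == "__main__":
    for src, info in summarize(SAMPLE_KLOG.splitlines()).items():
        print(src, info)
```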