[buug] Convert Linux Gateway to OpenBSD
itz at speakeasy.org
Thu Oct 24 16:29:17 PDT 2002

jan> portsentry, at least on BSDs, simply listen on ports for
jan> scans. since scans are some of the most common traffic you'll
jan> encounter, it's simply wasted overhead. if you default to denying
jan> all traffic, the portsentry program sits there, doing
jan> nothing. it's not particularly intelligent about how it blocks
jan> things either. if it detects a scan - sometimes little more than
jan> a connection to a port that's not open - it flips out.
jan> portsentry simply provides too many false positives, making it
jan> more useless than simply blocking the ports and logging each
jan> connection in the first place.

I agree with this. I myself stopped running snort on my box
a few days after switching to a DENY firewall policy, when I saw that
all it could tell me about was a couple of harmless ping requests a
day (the harmful ones are blocked) and it was in fact the greatest hog
among the daemons.

The real stuff is in the kernel log, where the denied packets go.

Ian Zimmerman, Oakland, California, U.S.A. I did not vote for Emperor Bush.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
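
An added example, not part of the original message: one way to read the denied packets out of the kernel log, separating a source that probes many ports from one that merely retries a single closed port (the false-positive case described in the quoted text). The Linux netfilter LOG line format, the "DENY:" prefix, the threshold, and the function name `summarize` are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed, trimmed sample in the Linux netfilter LOG line format. The format
# and the "DENY:" log prefix are assumptions; the post names neither.
SAMPLE_LOG = """\
Oct 24 16:01:02 gw kernel: DENY: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=21 SYN
Oct 24 16:01:02 gw kernel: DENY: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22 SYN
Oct 24 16:01:02 gw kernel: DENY: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=23 SYN
Oct 24 16:01:03 gw kernel: DENY: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=25 SYN
Oct 24 16:01:03 gw kernel: DENY: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=80 SYN
Oct 24 16:05:10 gw kernel: DENY: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=80 SYN
Oct 24 16:05:13 gw kernel: DENY: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=80 SYN
Oct 24 16:09:44 gw kernel: DENY: IN=eth0 OUT= SRC=192.0.2.99 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
Oct 24 16:10:00 gw kernel: eth0: link up
"""

FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

def summarize(log_text, prefix="DENY:", scan_threshold=4):
    """Group denied packets by source and flag sources that probe many ports."""
    packets = defaultdict(int)
    ports = defaultdict(set)
    for line in log_text.splitlines():
        if prefix not in line:
            continue  # unrelated kernel message
        fields = dict(FIELD.findall(line))
        src = fields.get("SRC")
        if src is None:
            continue  # malformed or truncated line
        packets[src] += 1
        if "DPT" in fields:  # ICMP lines carry no destination port
            ports[src].add((fields.get("PROTO", "?"), int(fields["DPT"])))
    return {
        src: {
            "packets": packets[src],
            "distinct_ports": len(ports[src]),
            # A scan is many distinct ports, not one hit on a closed port.
            "scan": len(ports[src]) >= scan_threshold,
        }
        for src in packets
    }

if __name__ == "__main__":
    for src, info in summarize(SAMPLE_LOG).items():
        print(src, info)
```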