Re: Automatic blocking

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 16 Aug 2006 11:34:25 -0400, "Amadeus W. M."
<amadeus84@xxxxxxxxxxxxxx> opined:
> On Wed, 16 Aug 2006 04:25:38 -0600, Ashley M. Kirchner wrote:
> 
> 
> The answer to your question is portsentry. It runs in the
> background, monitoring a list of ports for incoming connections. If
> an attacker hits a port so many times in a short amount of time,
> portsentry bans the offending machine, by introducing the
> appropriate rule in iptables. Of course, the list of ports, and the
> threshold for the number of hits are configurable. 
> 
> That said, cool as it may sound, portsentry has a major drawback
> which made me and many others prefer a non-dynamic approach to
> security. Portsentry can be used to produce a denial of service
> attack. Suppose you connect regularly from your work.com machine
> to your home.net machine, and malicious.com knows that. Then 
> malicious.com can send packets to home.net pretending to originate
> from work.com. Then for all it knows, portsentry running on your
> home.com will cut off acces to work.com. Sounds complicated, but
> it's trivial to do that, with things like nc or nmap. 
> 
Using the swatch (perl) to execute a script is far more
flexible and controllable (IMO).
-- 
      Do NOT Send Email to <spam trap> Fedora@TQMcube,com
Our DNSRBL - Eliminate Spam at The Source: http://www.TQMcube.com
               Don't Subsidize Criminals: http://boulderpledge.org


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux