Re: Automatic blocking

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 16 Aug 2006 12:07:18 -0400, David Cary Hart wrote:

> On Wed, 16 Aug 2006 11:34:25 -0400, "Amadeus W. M."
> <amadeus84@xxxxxxxxxxxxxx> opined:
>> On Wed, 16 Aug 2006 04:25:38 -0600, Ashley M. Kirchner wrote:
>> 
>> 
>> The answer to your question is portsentry. It runs in the
>> background, monitoring a list of ports for incoming connections. If
>> an attacker hits a port so many times in a short amount of time,
>> portsentry bans the offending machine, by introducing the
>> appropriate rule in iptables. Of course, the list of ports, and the
>> threshold for the number of hits are configurable. 
>> 
>> That said, cool as it may sound, portsentry has a major drawback
>> which made me and many others prefer a non-dynamic approach to
>> security. Portsentry can be used to produce a denial of service
>> attack. Suppose you connect regularly from your work.com machine
>> to your home.net machine, and malicious.com knows that. Then 
>> malicious.com can send packets to home.net pretending to originate
>> from work.com. Then for all it knows, portsentry running on your
>> home.com will cut off acces to work.com. Sounds complicated, but
>> it's trivial to do that, with things like nc or nmap. 
>> 
> Using the swatch (perl) to execute a script is far more
> flexible and controllable (IMO).
> -- 
>       Do NOT Send Email to <spam trap> Fedora@TQMcube,com
> Our DNSRBL - Eliminate Spam at The Source: http://www.TQMcube.com
>                Don't Subsidize Criminals: http://boulderpledge.org


I don't care to defend portsentry, but I'll say that portsentry
is highly configurable too. However you configure a dynamic
firewall, I think you can still lock yourself out, if you try.
I don't think the DoS scenario I outline above is portsentry 
specific. I'm not familiar with swatch though, so I may be wrong.
After my portsentry days, I completely dropped any dynamic 
approach to security.



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux