[rescue] OT: open TCP port - followup

David Cantrell rescue at sunhelp.org
Thu Aug 2 05:09:18 CDT 2001


Eric Hall <jester_123 at yahoo.com> wrote:
> Looks like the culprit is portsentry! After killing
> it, that port is no longer open. Interesting. Is 
> portsentry opening ports by scanning them? Perhaps
> I shouldn't run it any more. Any comments on this?
> I *hate* being cracked!

Yes, portsentry listens to ports so it can see if bad people are trying
to tickle them.  It's not something to worry about unless you are worried
about portsentry itself.

Except that I think portsentry is a problem because it's so very much
all-or-nothing.  As soon as someone tickles one of the ports it is
monitoring, it triggers an action.  It shouldn't.  There are plenty of
legitimate reasons for someone to hit a monitored port.  My own improved
version of portsentry only triggers actions if someone tickles monitored
ports N times in M time - N and M are configurable and default to
N=5, M=3 minutes.

-- 
David Cantrell | david at cantrell.org.uk | http://www.cantrell.org.uk/david

Do not be afraid of cooking, as your ingredients will know and misbehave
   -- Fergus Henderson
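
The N-hits-in-M-time threshold described in the message above, as an added example that is not part of the original post and is not code from portsentry or from David Cantrell's modified version. The class and function names and the sample events are constructed for illustration; the defaults follow the N=5, M=3 minutes given in the message.

```python
from collections import defaultdict, deque


class ThresholdTrigger:
    """Fire only when one source hits monitored ports n times within window_s seconds."""

    def __init__(self, n=5, window_s=180):
        self.n = n
        self.window_s = window_s
        self.hits = defaultdict(deque)  # source address -> timestamps of recent hits

    def observe(self, ts, src):
        """Record a hit at time ts (seconds). Return True when the threshold is reached."""
        q = self.hits[src]
        q.append(ts)
        # Drop hits that have aged out of the sliding window.
        while ts - q[0] >= self.window_s:
            q.popleft()
        if len(q) >= self.n:
            q.clear()  # reset so one burst produces one action, not one per extra hit
            return True
        return False


def run(events, n=5, window_s=180):
    """Feed time-ordered (ts, src, port) events through the trigger; return the firings."""
    trigger = ThresholdTrigger(n, window_s)
    return [(ts, src) for ts, src, _port in events if trigger.observe(ts, src)]


# Constructed sample events: (seconds, source address, monitored port).
EVENTS = [
    (0, "192.0.2.10", 111),     # a single stray connection
    (10, "198.51.100.7", 1),
    (20, "198.51.100.7", 79),
    (30, "198.51.100.7", 111),
    (40, "198.51.100.7", 143),
    (50, "198.51.100.7", 540),  # fifth hit inside 3 minutes
    (100, "203.0.113.5", 111),
    (200, "203.0.113.5", 111),
    (300, "203.0.113.5", 111),
    (400, "203.0.113.5", 111),
    (500, "203.0.113.5", 111),  # five hits, but never five inside one window
]

if __name__ == "__main__":
    print("N=5, M=180s :", run(EVENTS))
    print("N=1 (fire on every hit):", len(run(EVENTS, n=1)), "actions")
```

Setting n=1 reproduces the all-or-nothing behaviour the message objects to: every one of the eleven sample hits triggers an action, including the single stray connection.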


