
Re: Portsentry and iptables



On Fri, Sep 28, 2001 at 04:58:37PM -0400, Devon wrote:
> I keep port sentry around as part of a 'defense in depth' strategy. If 
> there is a hole in the firewall, portsentry may be able to catch it.

I completely agree.
 
> In my case, it uses next to 0 resources, and never generates messages.
> (Other than start up and shut down messages)
> The firewall is catching anything that would trigger portsentry. 
> 
> 14009 root       9   0    72    4     4 S     0.0  0.0   0:00 portsentry
> 14013 root       9   0    76    4     4 S     0.0  0.0   0:00 portsentry
> 
> What kind of messages are you seeing? If portsentry is seeing traffic, 
> it's probably because your firewall is allowing it through. This is a 
> perfect example of why using both might not be a bad idea.

10-1 says portsentry is trying to bind to a port already in use, and
can't. I have done this, and those are exactly the symptoms -- all CPU
and massive logging. I forget what it said, but it was not obvious what
the problem was.

-- 
Hal Burgiss
 
 "I will not send a two million dollar missile at a ten dollar tent,
 just to hit a camel in the butt". GW Bush
--




