 From:  Christiaens Joachim <jchristi at oce dot be>
 To:  "'Tracy Phillips'" <tracy dot phillips at weberize dot com>, Christiaens Joachim <jchristi at oce dot be>, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] PorSentry Feedback
 Date:  Thu, 23 Oct 2003 15:16:39 +0200
Super! It's getting time for me to set up a dev system!

Joa

-----Original Message-----
From: Tracy Phillips [mailto:tracy dot phillips at weberize dot com]
Sent: Thursday 23 October 2003 15:12
To: 'Christiaens Joachim'; m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] PorSentry Feedback


I have portsentry working... or at least I blocked myself out when I ran a
portscan :-)

Of course since there is no permanent file system (other than the floppy)
changes are lost once you reboot (which is not a bad thing sometimes).

I wonder how it would be to symlink the files to the floppy? Hmmmm. That may
have to come later as I am thinking of putting a Prelude sensor on next.

Tracy

-----Original Message-----
From: Christiaens Joachim [mailto:jchristi at oce dot be] 
Sent: Thursday, October 23, 2003 4:01 AM
To: 'Tracy Phillips'; m0n0wall at lists dot m0n0 dot ch

A Yes from me!

I used the logsentry product (which is in fact nothing but a shell script)
for a long time, and was pleased with it.

It would be a great addition for m0n0wall.

Joachim

-----Original Message-----
From: Tracy Phillips [mailto:tracy dot phillips at weberize dot com]
Sent: Wednesday 22 October 2003 18:15
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] PorSentry Feedback


Hi,

I would like to know what the list would think about implementing portsentry
into m0n0wall?

http://www.freebsddiary.org/portsentry.php

Psionic was purchased by Cisco so the link referenced in the article above
will lead you to Cisco.

This is from the readme of portsentry:

PortSentry is part of the Abacus Project suite of tools. The Abacus
Project is an initiative to release low-maintenance, generic, and reliable
host based intrusion detection software to the Internet community. More
information can be obtained from http://www.psionic.com.

PortSentry has a number of options to detect port scans, when it finds one it
can react in the following ways:

    - A log indicating the incident is made via syslog()
    - The target host is automatically dropped into /etc/hosts.deny
      for TCP Wrappers
    - The local host is automatically re-configured to route all
      traffic to the target to a dead host to make the target system
      disappear.
    - The local host is automatically re-configured to drop all
      packets from the target via a local packet filter.

The purpose of this is to give an admin a heads up that their host is
being probed. There are similar programs that do this already (klaxon,
etc.) We have added a little twist to the whole idea (auto-blocking), plus
extensive support for stealth scan detection.

--

I think this would be a great tool to be implemented on a firewall
(obviously Cisco does as well). It's a fairly lightweight program so it
should not take up much room.

I would like to get some feedback on the subject

Tracy Phillips



-----------------------------------------------
MISSION STATEMENT 
-----------------------------------------------
Oce enables its customers to manage their documents efficiently and
effectively by offering innovative print and document management products
and services for professional environments.

-----------------------------------------------
DISCLAIMER 
-----------------------------------------------
This e-mail message and any attachment are intended for the sole use of the
recipient(s) named above and may contain information which is confidential
and/or protected by intellectual property rights.
Any use of the information contained herein (including, but not limited to,
total or partial reproduction, communication or distribution in any form) by
other persons than the designated recipient(s) is prohibited.

If you have received this e-mail in error, please notify the sender either
by telephone (0032-2-729.48.11) or by e-mail and delete the material from
any computer.
Oce-Belgium/Oce-Interservices is nor responsible for the correct and
complete transfer of the contents of the sent e-mail, neither for the
receipt on due time.  This e-mail message does not bring about a contractual
obligation for Oce-Belgium/Oce-Interservices.

Thank you for your cooperation.

For further information about Oce-Belgium/Oce-Interservices please see our
website at www.oce.be

-----------------------------------------------
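
The reactions listed in the quoted README, together with the self-lockout mentioned in the 23 October reply, can be sketched as a block planner that honors an ignore list. This is an added example, not part of the thread and not PortSentry's own code: the `plan_blocks` helper, the `trigger` threshold, the ipfilter rule text and the "attackalert" log wording are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log; the "attackalert" wording is modelled on PortSentry's
# syslog output and is an assumption, not text taken from the thread.
SAMPLE_LOG = """\
Oct 23 15:10:01 fw portsentry[212]: attackalert: Connect from host: 192.0.2.10/192.0.2.10 to TCP port: 23
Oct 23 15:10:01 fw portsentry[212]: attackalert: Connect from host: 192.0.2.10/192.0.2.10 to TCP port: 79
Oct 23 15:10:02 fw portsentry[212]: attackalert: Connect from host: 192.0.2.10/192.0.2.10 to TCP port: 111
Oct 23 15:10:05 fw portsentry[212]: attackalert: Connect from host: 10.0.0.5/10.0.0.5 to TCP port: 23
Oct 23 15:10:05 fw portsentry[212]: attackalert: Connect from host: 10.0.0.5/10.0.0.5 to TCP port: 79
Oct 23 15:10:06 fw portsentry[212]: attackalert: Connect from host: 10.0.0.5/10.0.0.5 to TCP port: 111
Oct 23 15:11:40 fw portsentry[212]: attackalert: Connect from host: 198.51.100.7/198.51.100.7 to TCP port: 23
"""

ALERT_RE = re.compile(
    r"attackalert: Connect from host: \S+/(\S+) to (TCP|UDP) port: (\d+)")

def plan_blocks(log_text, ignore_nets, trigger=2):
    """Return (blocks, skipped): sources to block and sources spared by the ignore list."""
    ignore = [ipaddress.ip_network(n) for n in ignore_nets]
    ports = defaultdict(set)            # source address -> distinct (proto, port) probes
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m.group(1))
        except ValueError:              # never turn an unparsable field into a rule
            continue
        ports[src].add((m.group(2), int(m.group(3))))
    blocks, skipped = {}, []
    for src in sorted(ports, key=str):
        if len(ports[src]) <= trigger:  # a single stray connection is not a scan
            continue
        if any(src in net for net in ignore):
            skipped.append(str(src))    # admin/LAN ranges are logged, never blocked
            continue
        blocks[str(src)] = {
            "hosts_deny": f"ALL: {src}",                   # TCP Wrappers reaction
            "ipf": f"block in quick from {src}/32 to any", # packet filter reaction
        }
    return blocks, skipped

if __name__ == "__main__":
    print(plan_blocks(SAMPLE_LOG, ["10.0.0.0/8"]))
```

Calling `plan_blocks(SAMPLE_LOG, [])` with an empty ignore list also blocks 10.0.0.5, which is the situation of an administrator scanning the firewall from their own workstation.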



