Super! It's getting time for me to set up a dev system!

Joa

-----Original Message-----
From: Tracy Phillips [mailto:tracy dot phillips at weberize dot com]
Sent: Thursday 23 October 2003 15:12
To: 'Christiaens Joachim'; m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] PorSentry Feedback

I have portsentry working... or at least I blocked myself out when I ran a portscan :-)

Of course since there is no permanent file system (other than the floppy) changes are lost once you reboot (which is not a bad thing sometimes). I wonder how it would be to symlink the files to the floppy? Hmmmm. That may have to come later as I am thinking of putting a Prelude sensor on next.

Tracy

-----Original Message-----
From: Christiaens Joachim [mailto:jchristi at oce dot be]
Sent: Thursday, October 23, 2003 4:01 AM
To: 'Tracy Phillips'; m0n0wall at lists dot m0n0 dot ch

A Yes from me! I used the logsentry product (which is in fact nothing but a shell script) for a long time, and was pleased with it. It would be a great addition for m0n0wall.

Joachim

-----Original Message-----
From: Tracy Phillips [mailto:tracy dot phillips at weberize dot com]
Sent: Wednesday 22 October 2003 18:15
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] PorSentry Feedback

Hi,

I would like to know what the list would think about implementing portsentry into m0n0wall?

http://www.freebsddiary.org/portsentry.php

Psionic was purchased by Cisco so the link referenced in the article above will lead you to Cisco.

This is from the readme of portsentry:

PortSentry is part of the Abacus Project suite of tools. The Abacus Project is an initiative to release low-maintenance, generic, and reliable host based intrusion detection software to the Internet community. More information can be obtained from http://www.psionic.com.
PortSentry has a number of options to detect port scans, when it finds one it can react in the following ways:

- A log indicating the incident is made via syslog()
- The target host is automatically dropped into /etc/hosts.deny for TCP Wrappers
- The local host is automatically re-configured to route all traffic to the target to a dead host to make the target system disappear.
- The local host is automatically re-configured to drop all packets from the target via a local packet filter.

The purpose of this is to give an admin a heads up that their host is being probed. There are similar programs that do this already (klaxon, etc.) We have added a little twist to the whole idea (auto-blocking), plus extensive support for stealth scan detection.

--

I think this would be a great tool to be implemented on a firewall (obviously Cisco does as well). It's a fairly lightweight program so it should not take up much room.

I would like to get some feedback on the subject.

Tracy Phillips

-----------------------------------------------
MISSION STATEMENT
-----------------------------------------------
Oce enables its customers to manage their documents efficiently and effectively by offering innovative print and document management products and services for professional environments.
-----------------------------------------------
DISCLAIMER
-----------------------------------------------
This e-mail message and any attachment are intended for the sole use of the recipient(s) named above and may contain information which is confidential and/or protected by intellectual property rights. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by other persons than the designated recipient(s) is prohibited. If you have received this e-mail in error, please notify the sender either by telephone (0032-2-729.48.11) or by e-mail and delete the material from any computer.
Oce-Belgium/Oce-Interservices is not responsible for the correct and complete transfer of the contents of the sent e-mail, neither for the receipt on due time. This e-mail message does not bring about a contractual obligation for Oce-Belgium/Oce-Interservices. Thank you for your cooperation. For further information about Oce-Belgium/Oce-Interservices please see our website at www.oce.be
-----------------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
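
A simplified model of the detect-and-react behaviour described in the readme excerpt quoted in this thread, as an added example that is not part of the original messages and is not PortSentry's code: it counts distinct unused "tripwire" ports touched per source in constructed connection events, emits TCP Wrappers `ALL: <ip>` deny lines, and skips sources on an ignore list so that an administrator's own scan does not cause a lockout. The port set, threshold, ignore network and all function names are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample events (source IP, destination TCP port); not real log data.
SAMPLE_EVENTS = [
    ("198.51.100.7", 1), ("198.51.100.7", 11), ("198.51.100.7", 79),
    ("198.51.100.7", 111),                       # sweeps several unused ports
    ("203.0.113.20", 80), ("203.0.113.20", 80),  # normal traffic to a real service
    ("192.0.2.5", 1), ("192.0.2.5", 11), ("192.0.2.5", 79),
    ("192.0.2.5", 111),                          # admin scanning from the LAN
    ("203.0.113.99", 79),                        # single stray connection
]

# Hypothetical settings for this sketch (these are not PortSentry option names).
TRIPWIRE_PORTS = {1, 11, 15, 79, 111, 119, 143}       # ports with no real service
THRESHOLD = 3                                         # distinct tripwire ports
IGNORE_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # never auto-block these


def is_ignored(ip, ignore_nets=IGNORE_NETS):
    """True when the source is inside a network that must never be blocked."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ignore_nets)


def detect_scanners(events, ports=TRIPWIRE_PORTS, threshold=THRESHOLD):
    """Return (blocked, skipped) sources that hit >= threshold distinct tripwire ports."""
    touched = defaultdict(set)
    for src, dport in events:
        if dport in ports:
            touched[src].add(dport)
    blocked, skipped = [], []
    for src in sorted(touched):
        if len(touched[src]) < threshold:
            continue  # below the threshold: log-worthy at most, not block-worthy
        (skipped if is_ignored(src) else blocked).append(src)
    return blocked, skipped


def hosts_deny_lines(blocked):
    """Format TCP Wrappers entries as they would be appended to /etc/hosts.deny."""
    return [f"ALL: {ip}" for ip in blocked]


if __name__ == "__main__":
    blocked, skipped = detect_scanners(SAMPLE_EVENTS)
    for line in hosts_deny_lines(blocked):
        print("would append to /etc/hosts.deny:", line)
    for ip in skipped:
        print("scan seen from ignored host, not blocked:", ip)
```

On a system without persistent storage, as discussed in the thread, deny entries produced this way last only until the next reboot unless they are written somewhere that survives it.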