Yup, it's a lot more than just a static firewall.
If you use the "atcp" option it listens in on a selected number of ports
(widely dispersed and you can change them yourself) and if anyone
connects to them their IP address is effectively blocked from your
machine. You can't get to them, and they can't get to you! Of course, if
a service is running on one of the ports it's ignored.
Portsentry is smart enough to handle different protocols
(http/ftp/telnet etc.) and works very well here in work and at home.
Read the docs on the Portsentry homepage for a lot better description!
Oh yeah, don't block ident. ftp servers, Exchange and IIS send ident
requests back to you and might not allow access if it's blocked.

Collins_Paul at emc.com wrote:
>
> > From: Donncha O Caoimh [mailto:donncha.ocaoimh at tradesignals.com]
> > I wrote a small article on Portsentry, it's available at
> > http://cork.linux.ie/articles/safe.php3
>
> I set up ipchains on my box at home when I found two telnet attempts in my
> log files. I've seen a few connect attempts, mostly to port 119 (ident, I
> think), from a machine that appears to be an Exchange server. Freaky.
>
> Does PortSentry offer anything above and beyond plain ipchains in terms of
> protection (obviously ipchains won't send you mail if someone attempts
> to connect to you)?
>
> The stuff I have done is udp and tcp ports 0-1023 and 6000-6010 set to DENY;
> is there anything else I should be doing? (I'm thinking about suppressing
> ping replies.)
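
The decoy-port behaviour described in the reply above (listen on a set of unused ports, skip any port a real service already holds, and flag whoever connects), sketched as an added example that is not part of the original post and is not PortSentry's code. The function names are hypothetical, and the block only records source addresses in a set where PortSentry would go on to block the host.

```python
import selectors
import socket


def bind_decoys(ports, host="127.0.0.1"):
    """Open a listener on each port; skip ports that are already in use."""
    listeners, skipped = [], []
    for port in ports:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            # No SO_REUSEADDR: a port held by a running service must fail
            # to bind so that it is left alone rather than shadowed.
            sock.bind((host, port))
            sock.listen(5)
            sock.setblocking(False)
            listeners.append(sock)
        except OSError:
            sock.close()
            skipped.append(port)
    return listeners, skipped


def watch_once(listeners, blocked, timeout=1.0):
    """Wait up to `timeout` seconds for connections on the decoy ports.

    Every source IP that connects is added to `blocked`; the return value
    is a list of (source_ip, decoy_port) pairs seen in this pass.
    """
    selector = selectors.DefaultSelector()
    for sock in listeners:
        selector.register(sock, selectors.EVENT_READ)
    hits = []
    try:
        for key, _events in selector.select(timeout):
            conn, (src_ip, _src_port) = key.fileobj.accept()
            conn.close()  # nothing is served on a decoy port
            blocked.add(src_ip)
            hits.append((src_ip, key.fileobj.getsockname()[1]))
    finally:
        selector.close()
    return hits
```

A caller would run `watch_once` in a loop and hand each new entry in `blocked` to whatever enforces the block (a packet-filter rule, for instance).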