I don't use port sentry on any servers or routers because:
Kiddie (x) could smurf one of my servers from a dialup account.
I could nuke that IP, and then some other user could get delegated that IP
from a dialup server and find themselves unable to connect to my machine(s).
Still, the idea of nmapping someone who smurfs me is tempting.
I don't use snort because the one time I did install it on a router I
found that ICMP response times were almost tripled.
Which I accept was a result of 'bad' configuration, but this was the
'default' config, so I said "what's the point?", simply firewall off
services I don't want visible to the outside world and take on the task of
monitoring security on services I do offer.
http://www.linux.ie/articles/portsentryandsnortcompared.php
--Interesting article btw.... maybe I'll give snort another chance.