hack lesson?
R Scott Belford
sctinc at mac.com
Sat Jan 12 03:20:30 PST 2002
Thanks. That's good to know about portsentry. I like its reactionary
features above the detection benefits of snort. When back together,
I'll have to run it in stealth mode.
On Saturday, January 12, 2002, at 01:12 AM, Warren Togami wrote:
> ----- Original Message -----
> From: "R Scott Belford" <sctinc at mac.com>
> To: "Linux & Unix Advocates & Users" <luau at list.luau.hi.net>
> Sent: Saturday, January 12, 2002 12:28 AM
> Subject: [luau] Re: hack lesson?
>
>
>> I ran portsentry some lately, but freaked out when I nmapped myself and
>> saw that all kinds of wicked ports were open. Some reading at
>> chkrootkit.org led me to believe that this was part of how it worked. I
>> still disabled it until I could research it more. Any insights here?
>> Perhaps I unpacked a sinister tarball a few weeks ago.
>>
>
> Portsentry can run in "stealth" mode in Linux (but not other operating
> systems). This can make it look like you don't have tons of open ports,
> but still have the monitoring capability. When I use portsentry I usually
> use the advanced TCP mode and ignore UDP due to the high amount of false
> alarms... but that's just me.
>