Re: traffic logging

[damian () ITACTICS COM (Damian Gerow)]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Hello,
>
> I'm the author of the PortSentry software and would like to add some
> comments to this thread.
>
> > > Humm...  I don't much care for PortSentry's retaliation
> sequence. The
> > > suggested action (blocking the route, adding offending host to
> > > hosts.deny, setting up a firewall rule to deny all
> traffic coming from
> > > the offending host) really turns me off - it creates a
> nice, simple DoS
> > > on it's own.
>
> A lot of people say this and the scenario is stated many times in the
> software documentation in the interest of full-disclosure for
> the user.
> From the actual field-use perspective, I've never heard of
> this problem
> being a serious issue from any user at all. In other words I've had
> absolutely zero complaints of actual attacks doing this that weren't
> related to direct hostile activity against a host. The DoS
> issue is simply
> not relevant from the field deployments I've seen. FWIW.

I personally have never had any problems with it either, I'm just saying
that problems can arise quickly, if the attacker figures out the actions
being taken.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBORheOvWPEBDMsfC4EQJRjwCggND1dKUBTOCCCZb/XH80sjf0QWEAoOP4
a0i4W1Ie2GnldDrU2QbNlEgp
=N5pW
-----END PGP SIGNATURE-----