
[cobalt-users] PortSentry - which mode preferred?



Hi,

what mode do people here usually run PortSentry? I think I'm still a bit
confused. I know the advanced mode settings you specify a port (default
1023) to listen down from and include those not to listen to (e.g. SSH,
telnet etc etc) but, for example, I know when my Raq was hacked last week
the hackers exploited port 9999 - does this mean that they got in through
port 9999 OR once they got in, they opened port 9999?

Also, with the "classical" mode settings, the default listed here in the
portsentry.conf file:

# Use these if you just want to be aware:
TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1524,2000,5742,6667,12345,12346,20034,31337,32771,32772,32773,32774,40421,49724,54320"
UDP_PORTS="1,7,9,69,161,162,513,635,640,641,700,32770,32771,32772,32773,32774,31337,54321"

are they the only ports that PortSentry listens on? Is there a standard
setup or list/range of ports that most folks here listen out for on their
Raqs? What I'm trying to do is get the best "range" of ports whilst
excluding the ones I use. Sorry if this seems simple to some (or most) of
you, but I'm a bit confused (which actually doesn't take much!)

Thanks

Dan