Re: Portscans/IP list (Was: Re: [cobalt-users] PortSentry works !)

["Rodolfo J. Paiz" <rpaiz@xxxxxxxxxxxxxx>]

At 3/25/01 09:12 AM +0200, you wrote:
> Sorry for the delay, I'm somewhat backlogged.

Join the club... :)

> gsh issued a very valid point, namely that of trust. You'd have to trust me
> not to take advantage of any holes. Reading ahead somewhat in the list I get
> the feeling you actually do, so thank you for that. The feeling is of
> course mutual. :-)

Thanks.

> There's really is not much software to install, imho. nmap, of course, and
> definitely ipchains. So far, I'm not a great fan of portsentry as a
> production tool as I described earlier. As an educational tool it is just
> perfect. I'm very open to (software/rules) suggestions from people out
> there!

I've had a bear of a time recently, since we're moving the hosting stuff 
out of the Qube where it all started and into a RedHat box. I've now fully 
transferred DNS, websites, and email, and am struggling with sendmail 
(although I think that, after two solid months of stress, I'm 90% there; 
I'll wait until Easter to take the week off and give it the coup de grâce.

Somewhere back in time, someone posted a full set of ipchains rules to the 
list. That's my other current project, and I should have my own set figured 
out and working within a week. At that point I'll post it or make 
available; and I'm good at commenting, so whatever little knowledge I've 
acquired will easily transfer.

During the last week of April I'll be moving to our new NOC (far, far less 
fancy than it sounds), renumbering sites, moving equipment, etc. so I'm 
going to be USC until then. As soon as that is done, however, I'll be ready 
to do the scan thing. I'll also be looking for someone with whom to swap 
secondary DNS; which is something I haven't done only because of the 
upcoming move.


--
Rodolfo J. Paiz
rpaiz@xxxxxxxxxxxxxx