[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Is a firewall necessary with a RaQ?

Subject: Re: [cobalt-users] Is a firewall necessary with a RaQ?
From: "Gerald Waugh" <gerald@xxxxxxxxx>
Date: Wed Nov 14 00:52:25 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> Our 'out-of-the-box' RAQ4R temporarily blocks an IP address when they
> 'poke' around..like when you get port scanned the IP gets suspended for
> about 60 seconds.

What does this? I never heard of it!
 
> I guess the real difference with something like port sentry and IP
> chains is that a permanent rule gets automatically created to block that
> IP, as you mention above.

Port Sentry does not necessarily create a permanent block!
ipchains 'deny' or 'reject' do not create a permanent rule.
Port sentry may write to /etc/hosts.deny [permanent] or
it may just block the route (which is *not* permanent) lost on reboot.

> A useability thought here - if someone is on a dynamic IP address the
> next time they logon (given a fresh IP address) then the firewall would
> cease block the correct person...further an innocent person who may have
> been assigned the original 'now blocked' dynamic IP could not see your
> server and therefore any of or websites!

somewhat!
That's the bad thing about port sentry, ipchains does not do that!

Gerald

Follow-Ups:
- RE: [cobalt-users] Is a firewall necessary with a RaQ?
  - From: Todd Kirk

References:
- RE: [cobalt-users] Is a firewall necessary with a RaQ?
  - From: Todd Kirk

Prev by Date: RE: [cobalt-users] Is a firewall necessary with a RaQ?
Next by Date: Re: [cobalt-users] [RAQ 3i] Wierd Cron Daily Message
Previous by thread: RE: [cobalt-users] Is a firewall necessary with a RaQ?
Next by thread: RE: [cobalt-users] Is a firewall necessary with a RaQ?

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index