[Dshield] port 80 "on the high side"

John Hardin johnh at aproposretail.com
Tue Mar 25 17:51:33 GMT 2003


On Mon, 2003-03-24 at 14:33, Brenden Walker wrote:
> I've often wondered if I should turn off PortSentry, I have a feeling I'm
> blocking a lot of the stuff I could be reporting..

Don't. Set it up so that the stuff that portsentry blocks gets logged
and reported.

If you're using firewall rules as the block action, just make sure they
log the traffic in addition to blocking it. You may want to set up a
separate chain for these rules so that the log entries are easy to
identify.

If you need help, or if people would like examples posted to the list,
let me know.


-- 
John Hardin  KA7OHZ                           <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
 "To disable the Internet to save EMI and Disney is the moral
  equivalent of burning down the library of Alexandria to ensure the
  livelihood of monastic scribes."
                                    -- John Ippolito of the Guggenheim
-----------------------------------------------------------------------
 58 days until The Matrix Reloaded



More information about the list mailing list