OpenBSD Journal

Trio of OnLamp Articles

Contributed by jose on from the triple-redundancy dept.

Three recent OnLamp stories are worth noting. They provide a little of something to everyone.

The first is an overview of the TriSentry tools. It covers portsentry (available in ports) and logcheck (also available in ports).

The second covers SSH basics, another guide for new SSH users. This article introduces what Dru hopes will be a series on SSH for BSD users.

The third is an introduction to the zebra routing daemon (also available in ports). Zebra is a userland tool that handles many types of routing protocols on a UNIX machine.

Each of these is worth a look for a variety of needs. Enjoy!


Comments
  1. By Matt Burke (matt@botchitt.com)

    Really, is portsentry still of any use? It seems anyone who's anyone in the script kiddie scene nowadays uses distributed portscanning, which will of course bypass even portsentry's most anal mode.

    I've seen kernel fw ACLs a mile long because they've been hit by a few distributed portscans... surely for a popular site this can be a prelude to a DoS?

  2. By RC

    Why are so many people impressed with IDSes, and similar products? It seems to be a big topic here. Sure, something like tripwire, and others that look for real signs of a break-in are good, but why worry about the minor stuff?

    If you've been scanned, so what? If you are running vulnerable software, that's not going to stop anyone (and if you know something is vulnerable, why are you using that software?). If you are secure, then why concern yourself with scans and minor break-in attempts?

    Have I missed something?

    Replies
    1. By El Volio (kylem at xwell dot gro (reverse the TLD))

      It's because of large environments. If you have a large network with thousands of devices in a production environment, change management sometimes makes it difficult to immediately upgrade to the latest, patched versions. In such a case, network IDS is really valuable.

      That said, watching for portscans is probably of virtually no use. Watching for actual attacks is of much greater use. And of course host IDS (properly configured and deployed) is really valuable.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]