August 5th, 2002, 07:01 PM
I am running PortSentry in the basic mode. I am considering going to the stealth mode.
I understand the difference between binding the port and binding the socket.
The question is: does the stealth mode pay off with better information, and does the number of false alarms get out of hand?
August 5th, 2002, 09:48 PM
I would not say you would get better information by running in stealth mode.
As far as false positives, it all comes down to how it is configured. It will take some tuning to get it working just how you want. Send me a message if you have any specific questions and I will help you offline with your config.
I can even teach you to launch a DoS against anyone who scans your box. Ok...well even though it can be done, I won't tell you that. You'll have to figure that one out on your own...
August 5th, 2002, 10:15 PM
Have been running in minimal mode, the least number of ports monitored, using the config file supplied by the
I had tried the paranoid setting and became paranoid myself; basically I was getting logs filled with "innocent" alarms.
August 5th, 2002, 11:59 PM
I think the stealth mode has more to do with how PortSentry answers the connection request more than what information you receive back in logs...in stealth mode it will log the connection request and just not respond to the connection attempt, but if you run it normally it will return that the port is listening to the person doing the connection and log the attempt...