Subject: Re: security/portsentry removal
From: "Dan Mahoney (Ports)"
Date: Sun, 9 Apr 2023 09:18:31 -0700
To: Andrea Venturoli
Cc: ports@freebsd.org
List-Id: Porting software to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-ports

> On Apr 8, 2023, at 9:01 AM, Andrea Venturoli wrote:
>
> On 4/8/23 16:40, Helge Oldach wrote:
>
>> I wonder why that would provide anything useful though.
>
> Main reason is to react to port scans or swiping attempts at well-known services.
> I.e. Someone (or some bot) connects to port 22, 25, 110, etc... when there's no such service available and he/she/it gets banned.
>
> I too am wondering whether this still makes sense today (after more than 20 years since portsentry was conceived).
> Yet I'm currently tasked to replace it, with possible questions being asked later :)

From a security point of view, detecting when someone is running a portscan on you is still useful. Especially when FreeBSD is running on a NAT box or a router, so it has visibility for more than just its own host.

If I had to implement this today, I’d simply do it with ipfw log rules (for any list of closed ports), and fail2ban, which could be used to block subnets after any N attempts. As a bonus, you don’t need a daemon listening on the ports to do this.

-Dan
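
The approach described in the message above (log denied connections to closed ports with ipfw, then ban a subnet after N attempts) can be sketched as follows. This is an added example, not code from the original post and not fail2ban's own code: it shows only the counting logic, with thresholds modelled on fail2ban's maxretry/findtime settings. The rule number, hostname, interface, addresses and log lines are constructed assumptions, and only IPv4 is handled.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed syslog lines in the format the ipfw "log" keyword emits, as if from
# a hypothetical rule: ipfw add 1000 deny log tcp from any to me 22,25,110 in setup
SAMPLE_LOG = """\
Apr  9 09:12:01 gw kernel: ipfw: 1000 Deny TCP 203.0.113.7:51234 198.51.100.1:22 in via em0
Apr  9 09:12:02 gw kernel: ipfw: 1000 Deny TCP 203.0.113.9:51240 198.51.100.1:25 in via em0
Apr  9 09:12:04 gw kernel: ipfw: 1000 Deny TCP 203.0.113.7:51251 198.51.100.1:110 in via em0
Apr  9 09:30:00 gw kernel: ipfw: 1000 Deny TCP 192.0.2.44:40000 198.51.100.1:22 in via em0
Apr  9 10:45:00 gw kernel: ipfw: 1000 Deny TCP 192.0.2.44:40001 198.51.100.1:25 in via em0
Apr  9 10:45:05 gw kernel: ipfw: 2000 Accept TCP 192.0.2.44:40002 198.51.100.1:443 in via em0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: ipfw: (?P<rule>\d+) Deny "
    r"(?P<proto>TCP|UDP) (?P<src>[\d.]+):\d+ [\d.]+:(?P<dport>\d+) in via \S+"
)

def subnets_to_ban(log_text, max_retry=3, find_time=timedelta(minutes=10),
                   prefix=24, year=2023):
    """Return {subnet: sorted ports probed} for subnets with >= max_retry
    denied hits inside one find_time window (IPv4 only in this sketch)."""
    hits = defaultdict(list)  # subnet -> [(timestamp, dport), ...]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an inbound Deny record, e.g. an Accept line
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        net = ipaddress.ip_network(f"{m['src']}/{prefix}", strict=False)
        hits[net].append((ts, int(m["dport"])))
    banned = {}
    for net, events in hits.items():
        events.sort()
        # Any max_retry consecutive hits that fit inside find_time trip the ban.
        for i in range(len(events) - max_retry + 1):
            if events[i + max_retry - 1][0] - events[i][0] <= find_time:
                banned[str(net)] = sorted({p for _, p in events})
                break
    return banned

if __name__ == "__main__":
    for subnet, ports in subnets_to_ban(SAMPLE_LOG).items():
        print(f"ban {subnet}: probed closed ports {ports}")
```

Two hosts in 203.0.113.0/24 are counted together, which is why aggregating per subnet catches a scan spread across neighbouring addresses that a per-host counter would miss.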