I've used portsentry for a long time before switching everything over to SuSE 8.2, and I liked it very much for combing through my firewall logs for me. I thought, for sure, that it would have been included in the distro, because so many other great packages already are. However, it's not, and, further, when I Google for it, I see that Cisco has taken over the old domain where it was located (psionic.com). Does anyone know what's happened here? Has Cisco bought the product and made it commercial? Is there still a free version somewhere? Is there a workalike product already included in 8.2 that I don't know about?
Thanks, dk
-- David "Dunkirk" Krider, http://www.davidkrider.com Acts 17:28, "For in Him we live, and move, and have our being." Linux: Will you use the power for good... or for AWESOME?
On Thursday 22 May 2003 10:58 am, David Krider wrote:
I've used portsentry for a long time before switching everything over to SuSE 8.2, and I liked it very much for combing through my firewall logs for me. I thought, for sure, that it would have been included in the distro, because so many other great packages already are. However, it's not, and, further, when I Google for it, I see that Cisco has taken over the old domain where it was located (psionic.com). Does anyone know what's happened here? Has Cisco bought the product and made it commercial? Is there still a free version somewhere? Is there a workalike product already included in 8.2 that I don't know about?
Are you not really talking about logcheck? Portsentry was a different beast than logcheck. In any event, fear not because logcheck has been taken over by someone who will shortly announce the new support for it. The announcement will be made on freshmeat. In the meantime, if you want to help beta some improvements to it, you can get a copy at: http://doug.hunley.homeip.net/tools/
Thanks, dk
-- David "Dunkirk" Krider, http://www.davidkrider.com Acts 17:28, "For in Him we live, and move, and have our being." Linux: Will you use the power for good... or for AWESOME?
--
Bruce S. Marshall  bmarsh@bmarsh.com  Bellaire, MI  05/22/03 11:11
"The world stands aside to let anyone pass who knows where he is going." - David Starr Jordan
Quoting David Krider
I've used portsentry for a long time before switching everything over to SuSE 8.2, and I liked it very much for combing through my firewall logs for me. I thought, for sure, that it would have been included in the distro, because so many other great packages already are. However, it's not, and, further, when I Google for it, I see that Cisco has taken over the old domain where it was located (psionic.com). Does anyone know what's happened here? Has Cisco bought the product and made it commercial? Is there still a free version somewhere? Is there a workalike product already included in 8.2 that I don't know about?
Psionic has been bought by Cisco. You can probably grab an RPM off a previous release. I have a source tarball I could mail you. It is only 48KB. HTH, Jeffrey
On Thu, 2003-05-22 at 10:21, Jeffrey L. Taylor wrote:
Psionic has been bought by Cisco. You can probably grab an RPM off a previous release. I have a source tarball I could mail you. It is only 48KB.
Well, nuts. That's too bad. I still have the 1.1 source. I was just hoping that I was missing something. Perhaps someone will take it over like Bruce says about logcheck. I found log*digest* in the distro, and that's been just as satisfying to me as log*check*, if not more so. I guess there's no alternative to portsentry. Sigh. Thanks for the info, dk
On Thursday 22 May 2003 11:36 am, David Krider wrote:
On Thu, 2003-05-22 at 10:21, Jeffrey L. Taylor wrote:
Psionic has been bought by Cisco. You can probably grab an RPM off a previous release. I have a source tarball I could mail you. It is only 48KB.
Well, nuts. That's too bad. I still have the 1.1 source. I was just hoping that I was missing something. Perhaps someone will take it over like Bruce says about logcheck.
I found log*digest* in the distro, and that's been just as satisfying to me as log*check*, if not more so. I guess there's no alternative to portsentry. Sigh.
portsentry was a port checker... not a log checker... (but you probably know that.) In today's IPTABLEs world, I no longer use portsentry... Don't feel the need for it. But logcheck... use it on every machine.
Thanks for the info, dk
--
Bruce S. Marshall  bmarsh@bmarsh.com  Bellaire, MI  05/22/03 12:05
'All CPUs wait at the same speed.'
Quoting Bruce Marshall
On Thursday 22 May 2003 11:36 am, David Krider wrote:
On Thu, 2003-05-22 at 10:21, Jeffrey L. Taylor wrote:
Psionic has been bought by Cisco. You can probably grab an RPM off a previous release. I have a source tarball I could mail you. It is only 48KB.
Well, nuts. That's too bad. I still have the 1.1 source. I was just hoping that I was missing something. Perhaps someone will take it over like Bruce says about logcheck.
I found log*digest* in the distro, and that's been just as satisfying to me as log*check*, if not more so. I guess there's no alternative to portsentry. Sigh.
portsentry was a port checker... not a log checker... (but you probably know that.) In today's IPTABLEs world, I no longer use portsentry... Don't feel the need for it. But logcheck... use it on every machine.
I use Portsentry as backup for the firewall. If the firewall gets left down in testing/debugging or as a check on the integrity/correctness of the firewall. I don't like leaving something as important as security to just one layer. Jeffrey
On Thu, 2003-05-22 at 11:06, Bruce Marshall wrote:
portsentry was a port checker... not a log checker... (but you probably know that.) In today's IPTABLEs world, I no longer use portsentry... Don't feel the need for it. But logcheck... use it on every machine.
Oh crap. That's right. portsentry was of no use since I was blocking most everything, and those packets never reached the user layer. What I was thinking of was "psad." (http://www.cipherdyne.com/psad/) I had just been thinking that, because of the "ps" in the front, that it was part of the (p)ort(s)entry package. I see that psad is also not in the 8.2 distro. Is there a workalike replacement for that, or am I going to have to get it from source? Thanks and regards, dk
The 03.05.22 at 12:53, David Krider wrote:
Oh crap. That's right. portsentry was of no use since I was blocking most everything, and those packets never reached the user layer. What I was thinking of was "psad." (http://www.cipherdyne.com/psad/) I had just
There is a psad in suse 8.1 bastille. I don't know if it is included in 8.2.
-- Cheers, Carlos Robinson
On Thursday 22 May 2003 09:36, David Krider wrote:
Well, nuts. That's too bad. I still have the 1.1 source. I was just hoping that I was missing something. Perhaps someone will take it over like Bruce says about logcheck.
That's exactly what appears to be happening. Have a look at: http://sourceforge.net/forum/forum.php?forum_id=275043 -- Bob Swift
On Thu, May 22, 2003 at 10:36:10AM -0500, David Krider wrote:
On Thu, 2003-05-22 at 10:21, Jeffrey L. Taylor wrote:
Psionic has been bought by Cisco. You can probably grab an RPM off a previous release. I have a source tarball I could mail you. It is only 48KB.
Well, nuts. That's too bad. I still have the 1.1 source. I was just hoping that I was missing something. Perhaps someone will take it over like Bruce says about logcheck.
People can still download Portsentry from http://packetstorm.blackroute.net/UNIX/IDS/ (well, that link comes from the ports collection on my FreeBSD box.)
participants (6)
- Bob Swift
- Bruce Marshall
- Carlos E. R.
- David Krider
- Irwan Hadi
- Jeffrey L. Taylor