>The problem with portsentry is that it binds to all the ports you are
>watching, so people that are scanning actually see those ports open. It is
>better to use snort, which will let you know that the scans have happened
>without the attacker being aware.
Although it binds to all the ports portsentry can blackhole the scanner as
soon as it detects it with an IP chains rule. Once the user starts a scan
they will be immediately blackholed and will never even complete the scan.
:wq
Tim Uckun
Due Diligence Inc. http://www.diligence.com/ Americas Background
Investigation Expert.
If your company isn't doing background checks, maybe you haven't considered
the risks of a bad hire.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
