thomas lakofski <[EMAIL PROTECTED]> writes: [snip] > snort (as you mention) good for detecting attacks on ports you must > provide service on -- portsentry is just the one facet but the question > was in re portscans. > > > If you want to stop port-scans, use a proper firewall with DENY > > (ipchains) or DROP (iptables) by default. > > how does this stop the scanner from identifying open ports?
Why is a port open to a scanner's IP#, if not in order to be used? > > Use either snort or, at a push, portsentry, to spot incoming packets > > matching signatures of known exploits, for `cool, I dropped the packet > > anyway' factor. > > snort's flexresp is clever, yes... beats portsentry but considerably more > maintenance. Yes. For a better system, you have to do more work. <shrug> :) ~Tim -- There's peat smoke rising |[EMAIL PROTECTED] >From the village chimneys |http://spodzone.org.uk/
