hi ya raj

> Is it wise to block an ip just because it did a port scan?
> What if s/he spoofs the ip and puts your ip as source address?

that's exactly what the next level of "script kiddies" does to get you
to block all incoming legit connections
  - in this case..block connections from your own clients ??

- port scanning is so common.... it's better/cheaper to have
  dedicated hosts for each "port"

- too much headache to read false port scan reports that
  tom, dick and harry scanned ya...

- fw should only allow certain ports to pass thru to certain
  servers only... otherwise log it... and check the fw later...
  - if they have your fw root passwd too.. ***oooppsss***

- dedicated dns server, web server, smtp, pop3 servers
  are cheaper to maintain than to set up all machines to check all ports

c ya
alvin

On Sat, 2 Jun 2001, Rajkumar S. wrote:

> On Sat, 2 Jun 2001, Roderick Cummings wrote:
>
> > Now when portsentry detects a port scan it blocks the ip making the
> > scan.
>
> I am not an expert in security, but some doubts.
>
> Is it wise to block an ip just because it did a port scan?
> What if s/he spoofs the ip and puts your ip as source address?
>
> raj
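
The self-inflicted lockout discussed in this thread, as an added example that is not part of the original messages and is not portsentry's code: a block-every-scanner policy is compared with one that only logs when the claimed source is unverified or belongs to a network that must stay reachable. The event list, the `NEVER_BLOCK` networks (documentation address ranges) and the handshake flag are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: networks whose loss would hurt more than any scan (own clients,
# DNS resolver). Documentation ranges, constructed for this example.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.53/32")]

# Constructed scan events: (claimed source IP, TCP handshake completed?).
# A source seen only in bare SYN/UDP probes is unverified and may be forged.
EVENTS = [
    ("203.0.113.7", True),     # full connect scan, source address is real
    ("192.0.2.10", False),     # forged: claims to be one of our own clients
    ("198.51.100.53", False),  # forged: claims to be our DNS resolver
    ("203.0.113.99", False),   # unverified outsider
]

def naive_policy(events):
    """Block every claimed source, as an auto-blocker without safeguards would."""
    return {src for src, _ in events}

def guarded_policy(events, never_block=NEVER_BLOCK):
    """Block only verified sources outside protected networks; log the rest."""
    blocked, logged = set(), []
    for src, handshake_done in events:
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in never_block):
            logged.append((src, "protected network, not blocked"))
        elif not handshake_done:
            logged.append((src, "source unverified, not blocked"))
        else:
            blocked.add(src)
    return blocked, logged

def self_inflicted(blocked, never_block=NEVER_BLOCK):
    """Return blocked addresses that belong to networks we must keep reachable."""
    return sorted(b for b in blocked
                  if any(ipaddress.ip_address(b) in n for n in never_block))

if __name__ == "__main__":
    print("naive policy blocks own hosts:", self_inflicted(naive_policy(EVENTS)))
    blocked, logged = guarded_policy(EVENTS)
    print("guarded policy blocks:", sorted(blocked))
    for src, why in logged:
        print("log:", src, "-", why)
```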