hi john i think its more the issue of what "users" do after they see the portscan log messsages...
changing fw rules due to portscan loggs is like shooting yourself in the foot if one does not know why you're updating the fw rules ( "i heard someone say update the fw to stop port scans" is not good ( enough of a reason c ya alvin http://www.Linux-Sec.net On 2 Jun 2001, John Hasler wrote: > > It is trivial to spoof the source address of a portscan, allowing one to > > cause your machine to block access from your nameservers or your clients > > or other important sites. > > While certainly no panacea, portsentry isn't that stupid. The authors > thought about this and provided for it. > --
