Hi, Glenn English wrote: > port scan[s] ... Is there any way to stop them?
You can make their life harder by running slow servers at some ports. It can be funny to watch with SSH attack attempts. Usually it lasts 10 or 15 seconds until the visitor gives up. Dumb ones repeat the attempt with the next login name. Also cool: If file sharers show up, then keep one on hold until a second one calls. Then forward their requests to the respective other one. Two revenges taken for the price of one. > Am I overly paranoid here? What if a non-script-kiddie is also doing > this, but slowly enough that the firewall doesn't detect it? Run your own port scan and shut down any insecure service that gets found. Have no password-only SSH accounts but rather demand public-key authoriziation. Have a nice day :) Thomas
