On Sun, Jun 26, 2005 at 03:27:01PM +0200, [EMAIL PROTECTED] wrote: > I've a question related to PF. > > SpamD provides a trap. If somebody sends e-Mail to a e.g. special > mailadress this host will be added to a list. > > Is there any spamtrap-like Mechanism for the pf? > E.g. more skilled "badguys" don't use `nmap -sS &target`. > Such guys will limit their scans to just a few ports (3-6). > > But if I know that I don't provide e.g. Telnet couldn't the Telnetport be > a "Trapport"? An attacker who connects to that port gets blocked like > SpamD does it with spammers. > > The question I've after reading all the Documentation (realy everything): > Is there such a mechanism? > I ask because I didn't noticed anything about such a system. > > Kind regards, > Sebastian
this is just a little pet project ive been working on, but sadly have been busy with way too many other things to do what i want with it yet. http://shbl.openjunkies.org its all explained there, i know other people are collecting this data in lots of different ways, with snort, or scanning auth logs, but ive played around with them and the guests list catches 99% of scans as guest:guest is such a classic mistake. enjoy, sbr
