Re: How to avoid port scanners
On Thu, 17 Jan 2002, Vegard Engen wrote:
> Well. You *could* in theory, I guess, implement something that
> firewalled a specific host totally once you discovered that it was in
> the process of portscanning. This is not that straightforward, though,
> and not foolproof, but you might prevent some portscanning-attacks from
> discovering your services, and failing that due to race conditions (i.e.
> port 25 already having been tried before your system blocked the
> ip-address), maybe it would be blocked before it started hammering
> exploits against it.
That's what portsentry can be configured to do. But you gain the arguable
side effect that bad guys could do portscans from spoofed IP addresses,
and your server would automatically firewall them, providing an easy and
effective DoS attack.
Bye
Giacomo
--
_________________________________________________________________
Giacomo Mulas <gmulas@ca.astro.it, giacomo.mulas@tin.it>
_________________________________________________________________
OSSERVATORIO ASTRONOMICO DI CAGLIARI
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)
Tel.: +39 070 71180 216 Fax : +39 070 71180 222
_________________________________________________________________
"When the storms are raging around you, stay right where you are"
(Freddy Mercury)
_________________________________________________________________
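
Added example, not part of the original message and not portsentry's code: a toy threshold detector run over constructed connection events, showing how probes with a forged source address get an innocent host firewalled, and how a never-block list or counting only completed handshakes changes the outcome. The function name, thresholds, event format and addresses are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events: (time_s, source_ip, dest_port, handshake_completed).
# Addresses come from the documentation ranges and stand in for real hosts.
PORTS = [21, 22, 23, 25, 80, 110]
EVENTS = (
    # A real scanner doing full TCP connects.
    [(0.1 * i, "198.51.100.7", p, True) for i, p in enumerate(PORTS)]
    # Bare SYNs claiming to come from a host the server depends on
    # (say, its DNS resolver); the source address is unverified.
    + [(1.0 + 0.1 * i, "192.0.2.53", p, False) for i, p in enumerate(PORTS)]
    # An ordinary mail client.
    + [(2.0, "203.0.113.9", 25, True), (3.0, "203.0.113.9", 25, True)]
)

def auto_block(events, threshold=5, window=10.0,
               never_block=frozenset(), require_handshake=False):
    """Return the set of source IPs an auto-firewalling detector would block.

    A source is blocked once it touches `threshold` distinct ports within
    `window` seconds. `never_block` lists hosts that must stay reachable.
    `require_handshake` counts only connections whose source address was
    confirmed by a completed TCP handshake (this ignores SYN-only scans).
    """
    recent = defaultdict(list)   # source -> [(time, port), ...]
    blocked = set()
    for ts, src, port, handshake in events:
        if src in blocked or src in never_block:
            continue
        if require_handshake and not handshake:
            continue
        hits = [(t, p) for t, p in recent[src] if ts - t <= window]
        hits.append((ts, port))
        recent[src] = hits
        if len({p for _, p in hits}) >= threshold:
            blocked.add(src)
    return blocked

if __name__ == "__main__":
    print("naive:           ", sorted(auto_block(EVENTS)))
    print("with never_block:", sorted(auto_block(EVENTS, never_block={"192.0.2.53"})))
    print("handshake only:  ", sorted(auto_block(EVENTS, require_handshake=True)))
```

The handshake-only variant trades coverage for safety: it no longer reacts to SYN-only scans at all, so it narrows what the detector sees in exchange for not acting on unverified source addresses.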