
Re: How to avoid port scanners



On Thu, Jan 17, 2002 at 04:31:44PM +0100, Vegard Engen wrote:
> Well. You *could* in theory, I guess, implement something that firewalled
> a specific host totally once you discovered that it was in the process of
> portscanning. This is not that straightforward, though, and not foolproof,
> but you might prevent some portscanning-attacks from discovering your services,
> and failing that due to race conditions (i.e. port 25 already having been
> tried before your system blocked the ip-address), maybe it would be blocked
> before it started hammering exploits against it.
> 
> I have never tried something like this, though.

I leave a couple ports open, and run portsentry on them. People
portscanning usually hit these ports and get blocked. After that they
can't hit my SMTP or HTTP servers.

This works well against kiddies, but smart crackers don't port scan you
- that's like announcing they're coming with a megaphone first.
-- 
Nate Campi     http://www.campin.net    GnuPG key: 0xC17AEF79   

One morning I shot an elephant in my pyjamas. How he got into my pyjamas
I'll never know.  - Groucho Marx
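
An added example, not part of the original message and not portsentry's own code: a small replay of the decoy-port tripwire described above, run over constructed connection attempts. The decoy port numbers and source addresses are assumptions; the replay shows the block, the port 25 race from the quoted message, and a client that never touches a decoy.

```python
from dataclasses import dataclass, field

DECOY_PORTS = {1, 111, 31337}   # assumed tripwire ports with no real service behind them
SERVICE_PORTS = {25, 80}        # SMTP and HTTP, the services named in the post

# Constructed connection attempts in time order: (source IP, destination port)
EVENTS = [
    ("192.0.2.10", 25),      # scan reaches SMTP before any decoy: the race
    ("192.0.2.10", 31337),   # first decoy hit, source gets blocked
    ("192.0.2.10", 80),      # dropped, the source is already blocked
    ("198.51.100.7", 1),     # scan starting at port 1 trips a decoy at once
    ("198.51.100.7", 25),    # dropped
    ("203.0.113.5", 80),     # goes straight to HTTP, never touches a decoy
]

@dataclass
class Tripwire:
    blocked: set = field(default_factory=set)
    reached: dict = field(default_factory=dict)   # src -> service ports it reached

    def handle(self, src, port):
        if src in self.blocked:
            return "drop"
        if port in DECOY_PORTS:
            self.blocked.add(src)
            return "block"
        if port in SERVICE_PORTS:
            self.reached.setdefault(src, []).append(port)
            return "accept"
        return "ignore"   # closed port that is not a decoy

def replay(events):
    tw = Tripwire()
    verdicts = [tw.handle(src, port) for src, port in events]
    # Sources that reached a service and were blocked only afterwards
    raced = {s: p for s, p in tw.reached.items() if s in tw.blocked}
    # Sources that reached a service and never hit a decoy
    unseen = {s: p for s, p in tw.reached.items() if s not in tw.blocked}
    return verdicts, tw.blocked, raced, unseen

if __name__ == "__main__":
    verdicts, blocked, raced, unseen = replay(EVENTS)
    for (src, port), verdict in zip(EVENTS, verdicts):
        print(f"{src:>13} -> {port:<5} {verdict}")
    print("blocked:", sorted(blocked))
    print("reached a service before the block:", raced)
    print("never tripped a decoy:", unseen)
```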


