RE: How to avoid port scanners

To: <robert_karllson@non.agilent.com>
Cc: <vegard@engen.priv.no>, <debian-firewall@lists.debian.org>
Subject: RE: How to avoid port scanners
From: Adam William Lydick <awlydick@bulldog.unca.edu>
Date: Thu, 17 Jan 2002 10:53:39 -0500 (EST)
Message-id: <[🔎] Pine.OSF.4.31.0201171045390.420363-100000@bulldog.unca.edu>
In-reply-to: <[🔎] E52C7021EDF4D311BFB30090278CE5A204D9A83F@galatea.germany.agilent.com>

Would this have any effect on the more common case of attackers scanning
for a single open port? Or a slower distributed scan? I don't believe I've
ever seen a full portscan in my logs. They tend to be looking for the
latest BIND/FTP/HTTP flaw. And mostly win32 worms at that :)

Also - from the description on the website portsentry seems to work only
on inactive ports...

Adam

On Thu, 17 Jan 2002 robert_karllson@non.agilent.com wrote:

> Hi,
>
> that would be portsentry
> http://www.psionic.com/abacus/portsentry/
>
> I also believe that there is a built in function in iptables doing this.
>
> Kind regards
> Robert Karlsson

Reply to:

References:
- RE: How to avoid port scanners
  - From: robert_karllson@non.agilent.com

Prev by Date: Re: How to avoid port scanners
Next by Date: Re: How to avoid port scanners
Previous by thread: RE: How to avoid port scanners
Next by thread: Re: How to avoid port scanners
Index(es):
- Date
- Thread