Re: 'mirror' with iptables
thomas lakofski <thomas@88.net> writes:
[snip]
> snort (as you mention) good for detecting attacks on ports you must
> provide service on -- portsentry is just the one facet but the question
> was in re portscans.
>
> > If you want to stop port-scans, use a proper firewall with DENY
> > (ipchains) or DROP (iptables) by default.
>
> how does this stop the scanner from identifying open ports?
Why is a port open to a scanner's IP#, if not in order to be used?
> > Use either snort or, at a push, portsentry, to spot incoming packets
> > matching signatures of known exploits, for `cool, I dropped the packet
> > anyway' factor.
>
> snort's flexresp is clever, yes... beats portsentry but considerably more
> maintenance.
Yes. For a better system, you have to do more work. <shrug> :)
~Tim
--
There's peat smoke rising |piglet@stirfried.vegetable.org.uk
From the village chimneys |http://spodzone.org.uk/
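The quoted advice above is to run with a default DROP policy so that a probe to a closed port gets neither a RST nor an ICMP reply, while the ports you deliberately serve on stay reachable. The script below is an added example of such a ruleset, not code from either poster; the interfaces, the ports (22 and 80) and the iptables path are assumptions for the illustration. It defaults to a dry run that only prints the commands; set IPT=iptables when running it on a host you administer.

```shell
#!/bin/sh
# Added example (not from the thread): a minimal default-DROP iptables
# INPUT policy of the kind the quoted advice refers to. Ports and the
# iptables command are assumptions; adjust them for the real host.
set -eu

# Dry-run by default: "echo iptables" prints each rule instead of applying it.
IPT="${IPT:-echo iptables}"

build_rules() {
    # Start from a clean INPUT chain and make DROP the default, so anything
    # not explicitly permitted is silently discarded (no RST, no ICMP).
    $IPT -F INPUT
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback traffic and replies to connections this host initiated.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Only the services this host actually provides (assumed: ssh and http).
    # These are the ports a scanner will still see open, which is the point
    # made in the reply: they are open in order to be used.
    $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
    $IPT -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT

    # Rate-limited logging of whatever falls through to the default policy,
    # which is where a port sweep shows up for later review.
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
}

build_rules
```

Running the script as-is prints the rule set for inspection; `IPT=iptables sh firewall.sh` applies it. The LOG rule is deliberately last: everything it records is traffic that would have been dropped anyway, so the log doubles as a cheap scan detector without the maintenance of a separate tool.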