Re: Newbie - wants to close ports - port scans
On Mon, 30 Sep 2002, Michael Renzmann wrote:
> Zeno Davatz wrote:
> > I am just gonna deinstall portsentry - why did I install it in the first
> > place???
> In order to get informed in cases when there are (more or less) obvious
> port scans? :)
i say scan the ports all you like ....
you can detect the scan or LOG everything ...
and figure out which tripped your IDS from the logs
port scanners and detectors
- if you let the port scanner send you pages,... i know one company
that got a $30,000/day pager bill
- for pointless phone calls ...
- i know others, that if they get nmap'd ( port scanned ), they simply and
automatically put that ip# number(s) into their firewall reject list
- if you let tripwire send you emails that the system been hacked,
you're too late... you've been hacked... game over ...
but i wanna be able to say....wishfully... if you attempt any real illegal
connections, that you're caught ... within a few minutes... and off we go
to lawyers ...
- script kiddies only need a minute or two to gain complete access
to your server and hide everything with the automated scripts
but, all is easier said than done.. and you'll find 80% of yourhacker
attacks are simply and luckily internal users doing stuff they werent
supposed to be
-- script kiddies will get in ... sooner or later...
all you can do is minimize the damage they can do ..
- dont use the same root passwd, always require passwds,
- use umountable media for backups...
... blah blah ..