also sprach Dossy Shiobara <dossy@panoptic.com> [2004.09.19.2203 +0200]: > > If I notice the scan immediately, I will occasionally blackhole > > the source IP at our network border, but it's rare that I notice > > in time. > > That's why I suggested writing something that tail's the syslog > and detects the scan immediately ... These scripts already exist. However, they require you to look continuously. That's not an option. And it has to keep the admin in the loop (and thus not be an automated blocker) because otherwise you are open for denial-of-service attacks. -- Please do not CC me when replying to lists; I read them! .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer, admin, and user `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
Attachment:
signature.asc
Description: Digital signature