Re: Port Sentry - good idea

[Alvin Oga <aoga@Mail.Linux-Consulting.com>]

hi ya raj

> Is it wise to block an ip just because it did a port scan?
> What if s/he spoofs the ip and puts your ip as source address?

thats exactly what the next level of "script kiddies" does 
to get you to block all incoming legit connections
	- in this case..block connections from your own clients ??

- port scanning is so common.... it better/cheaper to have
  dedicated hosts for each "port"

- too much headache to read false port scan reports that
  tom, dick and harry scanned ya...
	- fw should only allow only certain ports to pass thru
	to certain serves only... otherwise log it...
	and check the fw later...

	- if they have your fw root passwd too.. ***oooppsss***

- dedicated dns server, web server, smtp, pop3 servers are cheaper to
  maintain that to setup all machines to check all ports

c ya
alvin

On Sat, 2 Jun 2001, Rajkumar S. wrote:

> On Sat, 2 Jun 2001, Roderick Cummings wrote:
> 
> > Now when portsentry detects a port scan it blocks the ip making the
> > scan.
> 
> I am not an expert in security, but some doubts.
> 
> Is it wise to block an ip just because it did a port scan?
> What if s/he spoofs the ip and puts your ip as source address?
> 
> raj
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>