Steve Lamb wrote:
I agree, portscans themselves are not the main problem. My original problem was extremely often repeating ssh brute force attacks (almost all the time for many days). I just looked into the IANA port number table for free ports and moved the sshd port to a high port number > 20000. Now the brute forcing has stopped. Of course, this does not really increase the security of ssh, but it keeps the logs way cleaner and shorter. Now I just get mail from logcheck about real user logins.

I learned that I could use portsentry to protect against portscans, which should make things much more difficult for potential attackers. I didn't yet install portsentry because I don't have the time to read the docs and I don't think it is really necessary. Maybe I will do it just out of curiosity to learn about the technology of portscan detection when I find the time.

Gnu-Raiz wrote:
People like me rely on the ISP for their DHCP IP address, so why would an ISP allow their routers to forward port scans to their own IP address net blocks?

Because, strictly speaking, port scans are harmless. Ooooh, you have open ports. Scary! Furthermore, define a port scan vs. legitimate traffic where you get no false positives. Not as easy as it sounds.
Greetings, Thomas
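
The false-positive point raised in the thread, as an added example that is not part of the original posts: a simple "distinct ports per source within a time window" heuristic (an assumption for illustration, not portsentry's method) run over constructed connection records. The function name, thresholds and addresses are hypothetical.

```python
from collections import defaultdict

# Constructed connection-attempt records: (epoch seconds, source IP, destination port).
# Addresses come from the documentation ranges (RFC 5737); none are real observations.
EVENTS = (
    # Fast sequential scan: 12 ports in 12 seconds.
    [(1000 + i, "198.51.100.7", p) for i, p in enumerate(range(20, 32))]
    # Slow scan: 12 ports, one every 10 minutes.
    + [(1000 + 600 * i, "203.0.113.9", p) for i, p in enumerate(range(8000, 8012))]
    # Legitimate mail/web user: 5 distinct service ports within a few seconds.
    + [(1010 + i, "192.0.2.44", p) for i, p in enumerate([25, 80, 143, 443, 993])]
)

def detect_scanners(events, window, min_ports):
    """Return the set of sources that touched >= min_ports distinct ports
    within any sliding window of `window` seconds."""
    by_src = defaultdict(list)
    for ts, src, port in sorted(events):
        by_src[src].append((ts, port))
    flagged = set()
    for src, hits in by_src.items():
        start = 0
        for end in range(len(hits)):
            # Advance the left edge until the window spans <= `window` seconds.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if len({p for _, p in hits[start:end + 1]}) >= min_ports:
                flagged.add(src)
                break
    return flagged

if __name__ == "__main__":
    # Strict threshold, loose threshold, and a long window for slow scans.
    for window, min_ports in [(60, 10), (60, 5), (7200, 10)]:
        print(window, min_ports, sorted(detect_scanners(EVENTS, window, min_ports)))
```

With a 60-second window, requiring 10 ports misses the slow scanner, while lowering the bar to 5 ports flags the legitimate client; only a much longer window catches the slow scan.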