On Wed, 10 Apr 2002, Steve Werby wrote:

> Gerald, you can specify exactly which ports you want it to listen to. The
> point of allowing it to bind to ports that you don't use and would probably
> otherwise block with IPCHAINS, iptables, etc. is that hopefully you'll catch
> a hacker doing a port scan before they get to one of your active ports
> running real services, and automatically drop their traffic in your firewall.
> BTW, IMO it's a good idea to flush all of the IPs associated with scan
> attempts a reasonable amount of time after they're added to the firewall. If
> your firewall rules become too cumbersome it starts to affect performance,
> and since most hackers are probably connecting from dynamic IPs on dialups or
> rooted machines that aren't their own, IMO in general there's little benefit
> to keeping those offending IPs listed more than a day or two, by which time
> the threat has probably passed. You probably know this or have your own
> mechanisms in place, just thought I'd share my opinion for anyone reading
> this.

Ok, that makes a little more sense. Do you have a list of suggested ports to catch scans?
--
Gerald Waugh
http://www.frontstreetnetworks.com
Front Street Networks LLC - 203-785-0699
229 Front Street, Ste. #C, New Haven CT, 06513-3203

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
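Steve's advice to flush scan-blocked IPs after a day or two, as an added example that is not code from this thread or from any tool discussed in it: a small Python script that reads a timestamped block log and emits the `iptables -D` commands for entries older than a retention window. The log format, the `INPUT` chain and the sample addresses are assumptions.

```python
#!/usr/bin/env python3
"""Expire firewall DROP rules that were added for port-scan sources.

Added example, not from the mailing list thread. Assumes the scan detector
appends one line per blocked source, "<epoch_seconds> <ip>", to a block log,
and that each source was blocked with: iptables -A INPUT -s <ip> -j DROP
"""
import time

RETENTION_SECONDS = 2 * 24 * 3600   # "a day or two": keep entries for 48 hours
CHAIN = "INPUT"                     # assumption: chain the detector inserts into


def parse_block_log(text):
    """Return a list of (added_epoch, ip) tuples; malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            entries.append((int(parts[0]), parts[1]))
        except ValueError:
            continue
    return entries


def split_expired(entries, now, retention=RETENTION_SECONDS):
    """Partition entries into (expired, still_active) relative to `now`."""
    expired = [e for e in entries if now - e[0] > retention]
    active = [e for e in entries if now - e[0] <= retention]
    return expired, active


def unblock_commands(expired, chain=CHAIN):
    """Build the iptables commands that remove the DROP rule for each expired
    source. Returned as strings so an operator can review them before running."""
    return [f"iptables -D {chain} -s {ip} -j DROP" for _, ip in expired]


# Constructed sample log: three sources blocked at different times (documentation
# address ranges, not real scan sources).
SAMPLE_LOG = """\
1018400000 192.0.2.10
1018480000 198.51.100.7
1018560000 203.0.113.99
"""


def run(now=None, log_text=SAMPLE_LOG):
    """Return (unblock commands for expired entries, entries still to keep)."""
    now = int(time.time()) if now is None else now
    expired, active = split_expired(parse_block_log(log_text), now)
    return unblock_commands(expired), active


if __name__ == "__main__":
    for cmd in run()[0]:
        print(cmd)
```

The still-active entries returned by `run()` are what should be written back as the new block log once the expired rules have been removed.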
