> > Gerald, you can specify exactly which ports you want it to listen to. By
> > allowing it to bind to ports that you don't use and would probably otherwise
> > block with IPCHAINS, iptables, etc. is that hopefully you'll catch a hacker
> > doing a port scan before they get to one of your active ports running real
> > services and automatically drop their traffic in your firewall.

And then when the hacker does a decoy scan you get hundreds of innocent IPs blocked from your server. And hey, if the hacker discovers what you're doing, he can just send more decoys until your server is pretty much shut down to the outside world, until the rules get flushed in 2-3 days. If you're really lucky, one of the decoys he uses will be the one you connect from to admin the server :)

Kevin

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
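Added example, not part of the original thread: a sketch of the decision logic a reactive blocker needs so that forged scan sources cannot fill the firewall with drops for innocent hosts or for the admin's own address. The class name, the policy constants, the `handshake_done` flag (the detector is assumed to know whether the TCP handshake completed, which a forged source normally cannot do) and all addresses are constructed for illustration.

```python
import ipaddress

# Constructed policy values (assumptions, not from the thread).
NEVER_BLOCK = [ipaddress.ip_network("192.0.2.10/32")]  # admin workstation
MAX_ACTIVE_BLOCKS = 3   # ceiling on simultaneous firewall drops
BLOCK_TTL = 600         # seconds until a drop expires


class ScanBlocker:
    """Decides whether a hit on a trap port may become a firewall drop."""

    def __init__(self):
        self.blocks = {}  # source address -> expiry time (seconds)

    def observe(self, src, handshake_done, now):
        addr = ipaddress.ip_address(src)
        # Forget drops whose TTL has passed.
        self.blocks = {ip: t for ip, t in self.blocks.items() if t > now}
        if any(addr in net for net in NEVER_BLOCK):
            return "allowlisted"      # never lock out the admin path
        if not handshake_done:
            return "log-only"         # bare SYN: source may be forged
        if src in self.blocks:
            return "already-blocked"
        if len(self.blocks) >= MAX_ACTIVE_BLOCKS:
            return "cap-reached"      # alert a human instead of adding rules
        self.blocks[src] = now + BLOCK_TTL
        return "blocked"


def replay(events):
    """Run (src, handshake_done, now) tuples through a fresh blocker."""
    blocker = ScanBlocker()
    return [blocker.observe(*e) for e in events]


# Constructed events: two decoy SYNs, a packet claiming the admin address,
# then one source that completes a connection twice.
SAMPLE_EVENTS = [
    ("198.51.100.1", False, 0),
    ("198.51.100.2", False, 0),
    ("192.0.2.10", False, 1),
    ("203.0.113.7", True, 2),
    ("203.0.113.7", True, 3),
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", verdict)
```
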
