On Thursday 11 April 2002 05:12 pm, Kevin D wrote:
> > > Gerald, you can specify exactly which ports you want it to listen to.
> > >By allowing it to bind to ports that you don't use and would probably
> > >otherwise block with IPCHAINS, iptables, etc. is that hopefully you'll
> > >catch a hacker doing a port scan before they get to one of your active
> > >ports running real services and automatically drop their traffic in your
> > >firewall.
>
> And then when the hacker does a decoy scan you get hundreds of innocent ips
> blocked from your server. And hey, if the hacker discovers what you're
> doing, he can just send more decoys until your server is pretty much shut
> down to the outside world, until the rules get flushed in 2-3 days.
>
> If you're really lucky, one of the decoys he uses will be the one you
> connect from to admin the server :)
>
Interesting!!!
I think it can do more harm than good....
A real hacker is going to go after exploitable processes that you are
running, ftp, telnet, ssh, named, http

--
Gerald Waugh : Registered Linux user # 255245
http://www.frontstreetnetworks.com
Front Street Networks LLC - ph. 203.785.0699
229 Front Street, Ste. #C, New Haven, CT, United States of America
7:19pm up 21 days, 2:44, 3 users, load average: 0.97, 1.09, 1.31
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
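
The lockout risk raised in the quoted reply, modelled as an added example that is not part of the original thread or of any tool discussed in it. The trap ports, addresses, probe log, and the two safeguards (a never-block list and blocking only sources that completed a TCP handshake) are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

TRAP_PORTS = {23, 111, 143}                     # unused ports the trap binds (constructed)
NEVER_BLOCK = [ip_network("198.51.100.10/32")]  # admin workstation (constructed)

# Constructed probe log: (source IP, destination port, TCP handshake completed?)
# Forged source addresses never see the SYN/ACK, so they cannot finish the
# handshake; only a probe from the sender's real address can.
PROBES = [
    ("203.0.113.7", 23, True),       # scanner's real address
    ("192.0.2.44", 23, False),       # forged source
    ("192.0.2.91", 111, False),      # forged source
    ("198.51.100.10", 143, False),   # forged source that is the admin's address
    ("203.0.113.7", 80, True),       # real service port, not a trap
]

def blocked_sources(probes, require_handshake=False, never_block=()):
    """Return the source IPs an auto-blocker would add to the firewall."""
    blocked = set()
    for src, port, handshake in probes:
        if port not in TRAP_PORTS:
            continue
        if require_handshake and not handshake:
            continue  # source address is unverified, do not act on it
        if any(ip_address(src) in net for net in never_block):
            continue  # never lock out management addresses
        blocked.add(src)
    return blocked

def collateral(blocked, probes):
    """Blocked sources that never proved they own their address."""
    verified = {src for src, _, ok in probes if ok}
    return blocked - verified

if __name__ == "__main__":
    naive = blocked_sources(PROBES)
    hardened = blocked_sources(PROBES, require_handshake=True,
                               never_block=NEVER_BLOCK)
    print("naive:   ", sorted(naive), "collateral:", sorted(collateral(naive, PROBES)))
    print("hardened:", sorted(hardened), "collateral:", sorted(collateral(hardened, PROBES)))
```
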
