Paul,
> Why is it that after SUN'S new "TCP Hardening" patch and the 8+ new
> services running on my box now that when you go to "Action Against Detected
> Scans" and select "Log and Block" you get a message saying "if you enable
> this option you will be open to DOS attacks!"?

IP address spoofing. If someone sends altered TCP packets to your server, under certain conditions it could block itself off from the rest of the world, hence a DOS. An example might be to spoof the IP addresses of DNS servers that serve domains on a web server.

If you need to understand this better, have a look at the following portsentry guide and scroll down to the section starting "A bit of warning about indiscriminantly blocking IP addresses because of suspicious scans"...

http://online.securityfocus.com/infocus/1586

Different product, same potential risk. That risk is probably very small, but the consideration has to be made if you turn on any kind of service that automatically blocks IP addresses.

--
Regards,
Jonathan Michaelson
Commercial CGI Scripting, Web Hosting
Web-based Email, Homepage Creation and Live Help products
http://www.webumake.com
_______________________________________________
cobalt-security mailing list
http://list.cobalt.com/mailman/listinfo/cobalt-security
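An added example, not part of the original message and not code from any product it mentions: a block decision for an automatic scan blocker that cannot be turned against the server by forged source addresses, shown beside the naive "block every detected source" rule. The event format, the `handshake` field, the function names and all addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

# Constructed never-block list: hosts the server must always be able to reach.
# Addresses are documentation-range placeholders, not values from the post.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8",       # loopback
    "192.0.2.53/32",     # assumed upstream DNS server
    "192.0.2.1/32",      # assumed default gateway
    "198.51.100.0/28",   # assumed admin/management range
)]

def naive_decide(event):
    """'Log and Block' with no safeguards: every reported source is blocked."""
    return "block"

def decide(event, never_block=NEVER_BLOCK):
    """Return 'block' or 'log' for one scan-detection event.

    event is a dict (hypothetical format) with:
      src       - source address string reported by the detector
      handshake - True if the TCP three-way handshake completed, which an
                  off-path sender forging the source address cannot do
    """
    src = ipaddress.ip_address(event["src"])
    if any(src in net for net in never_block):
        return "log"    # forged scans "from" our DNS server must not cut us off
    if not event["handshake"]:
        return "log"    # bare SYN or UDP probe: the source is trivially forgeable
    return "block"

# Constructed sample events.
EVENTS = [
    {"src": "192.0.2.53", "handshake": False},    # forged as the DNS server
    {"src": "203.0.113.77", "handshake": False},  # unverified probe
    {"src": "203.0.113.77", "handshake": True},   # verified source
    {"src": "198.51.100.5", "handshake": True},   # admin range, never blocked
]

def compare(events):
    """Return (src, naive result, hardened result) for each event."""
    return [(e["src"], naive_decide(e), decide(e)) for e in events]

if __name__ == "__main__":
    for src, naive, hardened in compare(EVENTS):
        print(f"{src:15} naive={naive:5} hardened={hardened}")
```
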
