> why do you allow anything beside the 'normal things' if you have to
> block it on 'attack'? most would think a firewall setup doesn't
> allow anything beside the needed and therefore has nothing to block
> on demand beside that.

You're right and I already block unusual things... So, how can I block the attack once I've detected the scan?

> someone can perform a DoS against the access to your service for a
> third party by triggering your blocking with spoofed packets.

Right again! And again, how can I prevent this from occurring?

Well, thanks for opening my eyes, I see this is not as simple as denying access. I'm about to try portsentry as I talk and it seems to stop the attacker before he starts the attack: when he tries to scan the firewall.

JF.

