Would this have any effect on the more common case of attackers scanning for a single open port? Or a slower distributed scan? I don't believe I've ever seen a full portscan in my logs. They tend to be looking for the latest BIND/FTP/HTTP flaw. And mostly win32 worms at that :)
Also - from the description on the website portsentry seems to work only on inactive ports... Adam On Thu, 17 Jan 2002 [EMAIL PROTECTED] wrote: > Hi, > > that would be portsentry > http://www.psionic.com/abacus/portsentry/ > > I also believe that there is a built in function in iptables doing this. > > Kind regards > Robert Karlsson
