This is fairly strange, since scanning ports 20-25 + OS fingerprint should have generated something like... 20-25 messages. My IDS tends to accumulate that amount of scans/exploits/other crap in about 2-3 hours. Your firewall must be invisible or something because when I say IDS I mean it is installed on both my home system and my work system. In any case, I get 20-100 port scans about once in ~2-3 days. There are a lot of idiots out there you know. To protect from single port scans use LaBrea.
On Wednesday 14 November 2001 03:21 pm, Tim Haynes wrote: > Dmitriy Kropivnitskiy <[EMAIL PROTECTED]> writes: > > [snip] > > > > how does this stop the scanner from identifying open ports? > > > > If you actually drop packets instead of rejecting them your port scanner > > will slow down to a crawl, since it has to wait for timeout on every try. > > Bzzzzzzt. > > Push out loads of packets to many hosts at one port per host, and just sit > back & wait for the responses; they'll tell you if they're listening. > Absolutely *nobody* does multi-port per host sweeps these days - to the > extent that I nmapped myself from ports 20-25 only, this morning, and it > occupied the greater amount of the firewall log for the last 24hrs. > > ~Tim -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
