Portsentry should be default configured to just drop packets. This will produce the
same effect as redirecting to a nonexistent IP. Yet, you don't have to worry about
that IP being used in the future.

Cory

On Sat, Jan 06, 2001 at 09:55:05PM -0800, Rob Hudson wrote:
> Looking at some portsentry stuff.
>
> It looks like you can do a simple redirect on someone. It was
> suggested to me that a good way to deal with a portscan is to redirect
> to an IP that has nothing on the other end, so the person portscanning
> times out.
>
> What is a good IP number to accomplish this with? Will something like
> 127.0.0.255 work? Or will it have to be real? I'd hate to set up an
> IP and then someone get assigned to it and me have forgotten all about
> that.
>
> Also, it might be humorous to redirect to an IP that has some expert
> cracker or a gov't institution on the other end. Hehe. But will it
> appear to originate from my box or the port scanner's?
>
> -Rob