I've always thought it interesting to have a machine automatically portscan an ip
address that it detects is scanning it.
On Sat, Jan 06, 2001 at 10:44:40PM -0800, Michael Smith wrote:
> That's what I do--just reject all packets from the suspect box. That way, I don't
>have to worry about it too much. There's also the capability to run an external
>script. The Debian version of portsentry
> has a big disclaimer about how this is not recommended, since it is destructive. and
>just plain wrong. Let your conscience be your guide, heh heh.
>
> Cory Petkovsek wrote:
>
> > Portsentry should be default configured to just drop packets. This will produce
>the same affect as redirecting to a non existent IP. Yet, you don't have to worry
>about that IP being used in the future.
> >
>
> --
> Michael J. Smith [EMAIL PROTECTED]
> 2250 Patterson #25 Eugene, OR 97405
> (541)346-7562
>
