I remember reading an article in Linux Journal or something like that that explained how to setup snort or some other software package to automatically detect a port scan in progress and then to automatically block any other connection attempts by that IP address. It automatically creates a block using iptables/ipchains so there is no hacking risk if they portscan you first because their IP will be blocked. That is, unless they on on DHCP / Dial-Up / or using someone else's computer as their jump-off. However, it's better than nothing.
Unfortunately, I forgot what the software was, but I'm sure a good google search using some of the keywords I've mentioned will find it. Regards, Chad -----Original Message----- From: [EMAIL PROTECTED] [mailto:expert-owner@;linux-mandrake.com]On Behalf Of Bill Beauchemin Sent: Friday, November 01, 2002 12:54 PM To: [EMAIL PROTECTED] Subject: [expert] portscans I went and applied evry single security patch that mandrake had using MasndrakeUpdate and remembered I had Snort running. I found a huge portscan.log file and tooka look to find that the day before my system was hacked it was portscaned by one ip from Roadrunner. I sent them a nice email but my questionsis. What if anything can I do about all these portscans? Is there somewhere I can email to have these assholes delt with?
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
