I run my own dns and email so blocking these ip's that are scanning me are no problem.
On Fri, 2002-11-01 at 11:16, Todd Lyons wrote: > Chad wrote on Fri, Nov 01, 2002 at 01:49:41PM -0500 : > > I remember reading an article in Linux Journal or something like that that > > explained how to setup snort or some other software package to automatically > > detect a port scan in progress and then to automatically block any other > > connection attempts by that IP address. It automatically creates a block > > using iptables/ipchains so there is no hacking risk if they portscan you > > first because their IP will be blocked. That is, unless they on on DHCP / > > There's a downside to it. Suppose some legitimate server sends you data > that the monitor considers to be a scan. All of a sudden your machine > is blocking that IP. What if that IP happened ot be your DNS servers, > or your mail server? It happens. You're creating a guaranteed Denial > of Service ... against yourself. > > They're great for home use, useless on a production site. > > Blue skies... Todd > -- > | MandrakeSoft USA | Security is like an onion. It's made | > | http://www.mandrakesoft.com | made up of several layers and makes | > | http://www.mandrakelinux.com | you cry. --Howard Chu | > Cooker Version mandrake-release-9.1-0.1mdk Kernel 2.4.19-18mdk
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
