Hogwash looks at the content of the packets to determine whether to block it.. not just where the packet was headed...
might be a better solution... could almost see it one day being like the antivirus progs are now...

rgds
Frank

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:todd@;mandrakesoft.com] On Behalf Of Todd Lyons
Sent: Saturday, 2 November 2002 3:16 AM
To: [EMAIL PROTECTED]
Subject: Re: [expert] portscans

Chad wrote on Fri, Nov 01, 2002 at 01:49:41PM -0500 :
> I remember reading an article in Linux Journal or something like that that
> explained how to set up snort or some other software package to automatically
> detect a port scan in progress and then to automatically block any other
> connection attempts by that IP address. It automatically creates a block
> using iptables/ipchains so there is no hacking risk if they portscan you
> first because their IP will be blocked. That is, unless they on on DHCP /

There's a downside to it. Suppose some legitimate server sends you data that the monitor considers to be a scan. All of a sudden your machine is blocking that IP. What if that IP happened to be your DNS servers, or your mail server? It happens. You're creating a guaranteed Denial of Service ... against yourself. They're great for home use, useless on a production site.

Blue skies... Todd
--
| MandrakeSoft USA             | Security is like an onion. It's made |
| http://www.mandrakesoft.com  | made up of several layers and makes  |
| http://www.mandrakelinux.com | you cry. --Howard Chu                |
Cooker Version mandrake-release-9.1-0.1mdk Kernel 2.4.19-18mdk
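Added example, not part of the original thread and not code from snort or Hogwash: a sketch of the scan-triggered blocking Chad describes, with an allowlist check that avoids the self-inflicted denial of service Todd describes. The events, addresses, thresholds and the `decide` function are constructed assumptions; the iptables rules are only returned as strings, never applied.

```python
import ipaddress
from collections import defaultdict

# Constructed sample events: (unix_seconds, source_ip, destination_port).
EVENTS = (
    # One source probing six different service ports in six seconds.
    [(100 + i, "198.51.100.7", p) for i, p in enumerate([21, 22, 23, 25, 80, 110])]
    # DNS replies landing on many ephemeral ports: looks like a scan, is not.
    + [(200 + i, "192.0.2.53", 40000 + i) for i in range(6)]
    # Ordinary client: repeated hits on a single port.
    + [(300 + i, "203.0.113.9", 80) for i in range(6)]
)

# Assumed allowlist: hosts this site depends on (resolver, mail relay).
ALLOWLIST = ["192.0.2.53/32", "192.0.2.25/32"]


def decide(events, allowlist=ALLOWLIST, threshold=5, window=10):
    """Return (iptables rule strings, allowlisted sources that tripped the detector)."""
    nets = [ipaddress.ip_network(n) for n in allowlist]
    recent = defaultdict(list)          # source -> [(timestamp, port)] inside window
    blocked, suppressed = [], []
    for ts, src, port in sorted(events):
        if src in blocked or src in suppressed:
            continue                    # already decided for this source
        recent[src] = [(t, p) for t, p in recent[src] if ts - t <= window]
        recent[src].append((ts, port))
        # Heuristic: many distinct destination ports in a short window.
        if len({p for _, p in recent[src]}) >= threshold:
            addr = ipaddress.ip_address(src)
            if any(addr in n for n in nets):
                suppressed.append(src)  # alert only, never auto-block
            else:
                blocked.append(src)
    rules = [f"iptables -I INPUT -s {ip} -j DROP" for ip in blocked]
    return rules, suppressed


if __name__ == "__main__":
    rules, suppressed = decide(EVENTS)
    print("rules to apply:", rules)
    print("tripped detector but allowlisted:", suppressed)
    # Without an allowlist the resolver is blocked too.
    print("no allowlist:", decide(EVENTS, allowlist=[])[0])
```
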
