I'm getting kind of tired of sending reports of
port scans and attempted break-ins to people who
don't really seem interested in doing something
about the problem. I always ask them to keep me
informed about how they deal with those
responsible, but very few have the courtesy to
actually do so. It leaves me wondering if they
did anything at all or if they just ignored the
problem.
So something else is needed.
Suppose we set up a firewall that, when it detects
a port scan, would spoof the source address and
perform a port scan against the port scanner's ISP?
That way, the ISP would see a port scan coming
from one of his own customers and would be more
likely to take an active interest in putting a
stop to it.
Eric Johnson
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
