If an attacker uses decoy mode, you will be hit by 10 different source 
addresses, and only one is from the attacker itself. If you do a reverse 
scan, you will hit 9 addresses for which you appear to be an attacker.

My recommendation: secure your box and let them scan. A port scan is f* 
boring if you find nothing.

Eric <[EMAIL PROTECTED]>  writes:

> Suppose we set up a firewall that, when it detects 
> a port scan, would spoof the source address and 
> perform a port scan against the port scanner's ISP?  
> That way, the ISP would see a port scan coming 
> from one of his own customers and would be more 
> likely to take an active interest in putting a 
> stop to it.
> 

have fun ...

-- 
=========================================================================
 Peter Bruderer                       mailto:[EMAIL PROTECTED]
 Bruderer Research GmbH                            Tel ++41 52 620 26 53
 IT Security Services                              Fax ++41 52 620 26 54
 CH-8200 Schaffhausen                   http://www.bruderer-research.com
=========================================================================
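
Added example, not part of the original message: a defender-side log check illustrating the decoy point above, where several sources probe the same ports at the same moment and the log gives no way to pick out the real one. The event tuples, addresses (RFC 5737 documentation ranges), function names and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of dropped-SYN log events: (epoch_seconds, source_ip, dest_port).
DECOY_SET = ["192.0.2.10", "198.51.100.7", "203.0.113.44", "203.0.113.90"]
SAMPLE = [(1000 + i, src, port)
          for i, port in enumerate([21, 22, 23, 25]) for src in DECOY_SET]
SAMPLE.append((1002, "198.51.100.200", 80))            # ordinary single hit
SAMPLE += [(5000 + 60 * i, "192.0.2.77", port)         # lone slow scanner
           for i, port in enumerate([22, 80, 443])]

def scanners(events, min_ports=3):
    """Sources that probed at least min_ports distinct ports, with their port sets."""
    ports = defaultdict(set)
    for _, src, dport in events:
        ports[src].add(dport)
    return {src: p for src, p in ports.items() if len(p) >= min_ports}

def decoy_groups(events, window=5, min_ports=3, min_sources=3):
    """Sets of scanning sources with identical port sets starting within `window` s."""
    first_seen = {}
    for ts, src, _ in events:
        first_seen[src] = min(ts, first_seen.get(src, ts))
    by_ports = defaultdict(list)
    for src, p in scanners(events, min_ports).items():
        by_ports[frozenset(p)].append(src)
    groups = []
    for srcs in by_ports.values():
        srcs.sort(key=first_seen.get)
        spread = first_seen[srcs[-1]] - first_seen[srcs[0]]
        if len(srcs) >= min_sources and spread <= window:
            groups.append(sorted(srcs))
    return groups

def attribution(events):
    """Label each scanning source 'ambiguous' (part of a decoy-like set) or 'single'."""
    grouped = {s for g in decoy_groups(events) for s in g}
    return {s: ("ambiguous" if s in grouped else "single") for s in scanners(events)}

if __name__ == "__main__":
    for src, label in sorted(attribution(SAMPLE).items()):
        print(f"{src:16} {label}")
    for g in decoy_groups(SAMPLE):
        # At most one member is the scanner; the log cannot say which.
        print(f"{len(g)} sources look identical, at least {len(g) - 1} are bystanders")
```

A "single" label only means no decoy-like pattern was seen; it is not proof that the address is the true origin.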

