> > I'm getting kind of tired of sending reports of
> > port scans and attempted break-ins to people who
> > don't really seem interested in doing something
> > about the problem.  I always ask them to keep me
> > informed about how they deal with those
> > responsible, but very few have the courtesy to
> > actually do so.  It leaves me wondering if they
> > did anything at all or if they just ignored the
> > problem.
> >
> > So something else is needed.
> >
> > Suppose we set up a firewall that, when it detects
> > a port scan, would spoof the source address and
> > perform a port scan against the port scanner's ISP?
> > That way, the ISP would see a port scan coming
> > from one of his own customers and would be more
> > likely to take an active interest in putting a
> > stop to it.

This may have already been mentioned, but take a look at a program called
portsentry (find it on freshmeat).
It will detect when someone runs a port scan on you, and then it will
automatically drop them into the hosts.deny file, or better yet, it will add a
rule to ipchains which will automatically block their IP from accessing your
system.  It has great logging features, as well.

davis
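
An added illustration of the detect-then-block approach described in the reply above (not portsentry's code and not part of the original message): a simplified threshold detector that turns flagged sources into a hosts.deny line and an ipchains rule. The log format, function names, thresholds and the `never_block` list are assumptions; the list is there because scan packets can carry forged source addresses, so an automatic blocker should never be able to deny hosts you depend on.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log (hypothetical format: "<unix-seconds> SRC=<ip> DPT=<port>").
SAMPLE_LOG = """\
1000 SRC=203.0.113.7 DPT=21
1001 SRC=203.0.113.7 DPT=22
1001 SRC=203.0.113.7 DPT=23
1002 SRC=203.0.113.7 DPT=25
1003 SRC=198.51.100.9 DPT=80
1004 SRC=192.0.2.1 DPT=21
1004 SRC=192.0.2.1 DPT=22
1005 SRC=192.0.2.1 DPT=23
1006 SRC=192.0.2.1 DPT=25
1007 SRC=not-an-ip DPT=22
1050 SRC=198.51.100.9 DPT=80
"""
LINE_RE = re.compile(r"^(\d+) SRC=(\S+) DPT=(\d+)$")

def find_scanners(log_text, threshold=4, window=10, never_block=()):
    """Sources that touch >= threshold distinct ports within `window` seconds.
    Assumes log lines are in timestamp order."""
    protected = [ipaddress.ip_network(n) for n in never_block]
    hits = defaultdict(list)  # source -> [(timestamp, port), ...]
    flagged = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, port = int(m.group(1)), int(m.group(3))
        try:
            addr = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # unparsed text must never reach a deny rule
        src = str(addr)
        if src in flagged or any(addr in net for net in protected):
            continue  # already handled, or a host we refuse to auto-block
        hits[src] = [(t, p) for t, p in hits[src] if ts - t <= window] + [(ts, port)]
        if len({p for _, p in hits[src]}) >= threshold:
            flagged.append(src)
    return flagged

def deny_entries(sources):
    """One (hosts.deny line, ipchains command) pair per flagged source."""
    return [(f"ALL: {s}", f"ipchains -I input -s {s} -j DENY") for s in sources]

if __name__ == "__main__":
    for entry, rule in deny_entries(find_scanners(SAMPLE_LOG, never_block=["192.0.2.0/24"])):
        print(entry, "|", rule)
```

Without the `never_block` argument the same log also flags 192.0.2.1, which shows how traffic bearing a forged source address could make the blocker cut off a host of someone else's choosing.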

