> This may have already been mentioned, but take a look at a program called
> portsentry (find it on freshmeat).
> It will detect when someone runs a port scan on you, and then it will
> automatically drop them into hosts.deny file, or better yet, it will add a
> rule to ipchains which will automatically block their IP from accessing your
> system. it has great logging features, as well.
Looking at a history of port scanning to my net I see no repeats from
the same source IPs.
As far as I can tell the best defence is deny all except those you want
to let through. Then keep your software current with the latest
security
fixes.
After that, send a polite message to the admins of any site that port
scans you. This does wonders for the numbers of scanns hitting one's
site.
--
| Bryan Andersen | [EMAIL PROTECTED] | http://softail.visi.com |
| Buzzwords are like annoying little flies that deserve to be swatted. |
| -Bryan Andersen |
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
