On Sun, 4 Jun 2000, Todd wrote:
> detects a probe (i have it configured to add a rule to ipchains to deny
> packets from that sender, but the response is configurable).
It's been discussed here in length before, but it's worth repeating...
Denying packets based on scans can leave you open to Denial of Service
attacks, especially for packets forged from DNS boxes, common electronic
mail gateways, etc.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
