McEwen, Don (NCI) wrote:
> He has a firewall in place. I think the question here is what
> do you do about the scans that continue to come, but don't get through ?
>
> The scans will continue to come, even if you lock the doors. In
> my experience, one out of 40-50 contacts will even get back, and
> none ever gave me any good information about the person that was
> trying to attack me, or even just queries that were obvious
> misconfigurations I never heard back on.

The really unfortunate part is that it's illegal to write a script that
watches your syslog info and floods anyone who attempts to hit more than
fifty sequential ports or something. It's reminiscent of the old west,
except that the sheriffs can be god when they want to (i.e., see
everything) but generally in archetypical western movie fashion are
completely capable of looking the wrong way at the wrong times. Then
again, this draws a strong parallel to the police in meatspace...

You're right, you can't do anything about port scans. Besides which,
checking to see if someone's doorknob is unlocked isn't strictly
illegal, and it's hard to show that someone port scanning is more
intrusive than that.