Cole Tuininga wrote:
>
> "Kenneth E. Lussier" wrote:
> > With that said, my recommendations are :
> > 1) Take a look at PortSentry (http://www.psionic.com/abacus/), or the
> > entire abacus suite of tools. It watches your ports, and it can block IP
> > addresses on the fly. I have my system to set up as soon as someone hits
> > port 0.
> [snip]
>
> On this note, what exactly is the nature of port 0? I've heard that on
> some forms of network equipment, it can be/has been used for denial of
> service attacks? I see no mention of it in /etc/services.
>
> Is there something special about it?
>
> -Cole
Port 0 is an illegal port. AFAIK, you can't actually connect to it.
However, most of the script-kiddie port scanners try to scan ports
0-65535. So, I block them when they hit 0, and they basically waste an
hour for the scanner to run, only to find out that they didn't get
anything.
Kenny
--
Kenny Lussier
Systems Administrator
Mission Critical Linux
***********************************
The road to happiness is paved
with potholes. The road to
Hell is paved with good intentions.
Does the DPW know about this??
***********************************
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
