> I thought about portsentry as well, but found it's not a good idea to
> block ports based on ip-addresses.

<snip>

> Please correct me, if I understood portsentry wrong; I'm willing to
> add it as soon as possible, if it's handling dynamic addresses
> without problems.

Port-sentry and similar automatic firewall rule generators can usually be
pretty easily converted into denial-of-service tools.  Simply spew a bunch
of packets with forged IP's at something like port-sentry, and a malicious
individual can easily prevent you from accessing key portions of the
internet.  Also, your excellent points about users with changing IP's apply
equally to virtually all dial-up users, who still make up the vast portion
of end-users on the 'net.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
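
An added example, not part of the original message and not portsentry's code: a small Python model of the failure mode described above, with a naive auto-blocker beside one that guards against forged sources and changing addresses. The function names, the never-block list, the TTL and the handshake flag are assumptions, and the events are constructed using documentation address ranges.

```python
import ipaddress

# Constructed sample data; all names and values here are hypothetical.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "192.0.2.53/32",  # our DNS resolver
    "192.0.2.1/32",   # our upstream gateway
)]
BLOCK_TTL = 600  # seconds a block stays active (assumed value)

# (timestamp, claimed source IP, TCP handshake completed?)
EVENTS = [
    (0, "203.0.113.7", True),    # full connect to a trap port
    (5, "192.0.2.53", False),    # lone packet claiming to be the resolver
    (6, "192.0.2.1", False),     # lone packet claiming to be the gateway
    (7, "198.51.100.9", False),  # lone packet, source unverifiable
]

def naive_blocker(events):
    """Block every claimed source that touches a trap port, forever."""
    return {src for _, src, _ in events}

def guarded_blocker(events, now):
    """Block only verified sources, skip key hosts, expire old entries."""
    expiry = {}
    for ts, src, handshake in events:
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in NEVER_BLOCK):
            continue  # a forged packet must not cut us off from key hosts
        if not handshake:
            continue  # the source field of a lone packet proves nothing
        expiry[src] = ts + BLOCK_TTL
    # Expiry matters for dial-up users: the address is reassigned later.
    return {src for src, until in expiry.items() if until > now}

if __name__ == "__main__":
    print("naive  :", sorted(naive_blocker(EVENTS)))
    print("guarded:", sorted(guarded_blocker(EVENTS, now=10)))
    print("later  :", sorted(guarded_blocker(EVENTS, now=700)))
```
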
