On Tuesday 01 July 2003 10:13, Tzafrir Cohen wrote: TC>What happens if I spoof a portscan from a different address? Do you TC>block it? Now what was the IP of your DNS server? TC> That's what the "preprocessor portscan2-ignorehosts:" and "preprocessor portscan-ignorehosts:" sections in the /etc/snort/snort.conf file are for. The issue of spoofed scan isn't really a big deal at all as you can't get the results of the scan delivered to your box. "Idle" scan won't work here either because my ISP's DNS servers are far from being idle with all the traffic going through. Basically the result of idle scan will be that all possible ports are open, that if the scanner itself will not warn you that the IP sequence numbers are not exactly close enough to each other. Comments?
-- Sincerely Yours, Vasiliev Michael NP: XMMS is not loaded. ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
