On Tue, Jul 01, 2003 at 02:43:01PM +0300, Mycroft wrote: > On Tuesday 01 July 2003 10:13, Tzafrir Cohen wrote: > > TC>What happens if I spoof a portscan from a different address? Do you > TC>block it? Now what was the IP of your DNS server? > TC> > That's what the "preprocessor portscan2-ignorehosts:" and "preprocessor > portscan-ignorehosts:" sections in the /etc/snort/snort.conf file are for. > The issue of spoofed scan isn't really a big deal at all as you can't get the > results of the scan delivered to your box.
And suppose I don't really need the results of those scan? And this is all done just to make you block some computers? What traffic can someone make you drop? -- Tzafrir Cohen +---------------------------+ http://www.technion.ac.il/~tzafrir/ |vim is a mutt's best friend| mailto:[EMAIL PROTECTED] +---------------------------+ ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
