On Tuesday 01 July 2003 15:18, Aviram Jenik wrote:
AJ>
AJ>(if my irony went undetected, I would really recommend against this
AJ>hair-triggered blocking system)
AJ>

Hmm, I am a big fan of constructive feedback. Aren't we all?

AJ>"Idle scan" will actually work quite nicely here (I'm sure one of the servers
AJ>written above has its idle moments), but that's not the way I would approach
AJ>it as an attacker.
AJ>Your IDS will not block a simple connect scan (AFAIR snort does not save
AJ>packets and does not know that this is the 10,000th port in a row you are
AJ>trying to reach) and even if it would, it is usually possible to evade it
AJ>by scanning slowly enough.

Well, I'm not securing a corporate web server here; most probably if I were, I'd choose other means of security response. Leaving it to professionals is always a good idea :)).

This box is my networked workstation at home, and I don't have open server ports. I'm merely dealing with a number of script kiddies that think scanning and DOSing people they meet on IRC channels makes them all-powerful. If one of them is good enough to initiate an idle scan using my ISP's DNS servers (which I find rather difficult, it looks like they use these servers for a bunch of other network tasks around the clock) or even better, take over these servers, I'd let him scan my non-existent open ports till he drops his head on the keyboard.

It's security against the effectiveness question... however, I would like to hear your opinion about your choice of firewall/IDS for a home user, if you are already nailing me to the stake :)

--
Sincerely Yours,
Vasiliev Michael
NP: Enya - A Day Without Rain - 01 - A Day Without Rain
