> Well I'm not securing a corporate web server here, most probably if I were, I'd choose other means of security response. Leaving it to professionals is always a good idea :)). This box is my networked workstation at home, and I don't have open server ports. I'm merely dealing with a number of script kiddies that think scanning and DOSing people they meet on IRC channels makes them all-powerful. If one of them is good enough to initiate an idle scan using my ISP's DNS servers (which I find rather difficult, it looks like they use these servers for a bunch of other network tasks around the clock) or even better, take over these servers, I'd let him scan my non-existent open ports till he drops his head on the keyboard. It's security against the effectiveness question... however I would like to hear your opinion about your choice of firewall/IDS for a home user, if you are already nailing me to the stake :)

I think you missed Aviram and Tzafrir's point. They are not launching an idle scan spoofed from Netvision's DNS in order to know what ports are open on your machine. They are launching a very aggressive port scan spoofed to come from Netvision's DNSes, knowing full well they will not receive any of the results, so that your automatic retaliation blocks Netvision's DNSes, and effectively DoSes your internet connectivity. The DoS is not created by the script kiddies. It is done by your own firewall, thinking it is protecting you.
The bottom line is this - if you have no open source, why do you care whether you are scanned?
This mail brought to you by the person responsible for Check Point not sporting any easy-to-configure automatic retaliation system, under the premise that they cause far more damage than use.
Shachar
-- Shachar Shemesh Open Source integration consultant Home page & resume - http://www.shemesh.biz/
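
The failure mode described in this message, as an added example that is not part of the original mail: a threshold-based auto-block rule is run over a constructed event log in which the scan's source addresses are forged to match the DNS resolvers. The addresses, the threshold and the `never_block` safeguard are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (documentation address ranges, not from the mail).
RESOLVERS = {"192.0.2.53", "192.0.2.54"}   # stand-ins for the ISP's DNS servers
SCAN_THRESHOLD = 10                        # distinct ports before a source counts as a scanner

def make_events():
    """Constructed log: (source_ip, dest_port) pairs as the firewall records them."""
    events = [("203.0.113.7", p) for p in range(20, 26)]   # light probe, under threshold
    # Scan whose source field claims to be the resolvers; the firewall cannot
    # tell a forged source address from a real one.
    for r in sorted(RESOLVERS):
        events += [(r, p) for p in range(1, 40)]
    return events

def auto_block(events, never_block=()):
    """Return the set of sources an automatic-retaliation rule would block.

    never_block: networks the rule may only alert on (hypothetical safeguard).
    """
    protected = [ipaddress.ip_network(n) for n in never_block]
    ports = defaultdict(set)
    blocked = set()
    for src, port in events:
        ports[src].add(port)
        if len(ports[src]) < SCAN_THRESHOLD:
            continue
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in protected):
            continue   # alert only: the source address is unauthenticated
        blocked.add(src)
    return blocked

def dns_reachable(blocked):
    """Name resolution survives only if at least one resolver is not blocked."""
    return bool(RESOLVERS - blocked)

if __name__ == "__main__":
    naive = auto_block(make_events())
    guarded = auto_block(make_events(), never_block=["192.0.2.0/24"])
    print("naive blocks:", sorted(naive), "DNS reachable:", dns_reachable(naive))
    print("guarded blocks:", sorted(guarded), "DNS reachable:", dns_reachable(guarded))
```

The naive rule blocks both resolvers and cuts off name resolution by itself; the guarded rule keeps connectivity but only because the critical addresses were listed in advance.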
