who said a regular portscan is illegal? and the portscans that are, surely, you can catch those because they are too brutish.
besides, if its so slow, then it shouldn't make a dent on your server performance. * - * - * Tzahi Fadida [EMAIL PROTECTED] Technion Email: [EMAIL PROTECTED] * - * - * - * - * - * - * - * - * - * WARNING TO SPAMMERS: see at http://members.lycos.co.uk/my2nis/spamwarning.html > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of josh > Sent: Tuesday, July 01, 2003 4:47 PM > To: Aviram Jenik > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: Re: Snort - iptables addon > > > On Tue, 1 Jul 2003, Aviram Jenik wrote: > > > "Idle scan" will actually work quite nicely here (I'm sure one of the servers > > written above has its idle moments), but that's not the way I would approach > > it as an attacker. > > Your IDS will not block a simple connect scan (AFAIR snort does not save > > packets and does not know that this is the 10,000th port in a row you are > > trying to reach) > > Hi Aviram, > FYI the portscan2 preprocessor on snort 2.0 tracks connection states. > > >and even if it would, it is usually possible to evade it by > > scanning slowly enough. > > This is true. > > > > > > > -- > - Josh > > 94 F8 9F 3E 9A DB 6E FC F8 17 F1 B4 C7 51 CB AA ~. .~ Tk Open Systems > =}------------------------------------------------ooO--U--Ooo------------{= > - [EMAIL PROTECTED] - tel: +972.58.520.636, http://www.tkos.co.il > > > > ================================================================= > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscribe" in the message body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] > > > > ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
