I was curious as to the speed at which ipchains and ipfwadm take effect. I
have a port scan detection program that I was playing around with in my
new... let's see if I can make my box secure enough to face the real
world... Actually, a friend at college just got his box cracked and it got
royally screwed up...

I am trying to block those annoying portscans with a scan detector.
Right now I am experimenting with "sentry", which is set up by default to
kick in a new routing entry as soon as it detects a scan. My only
complaint is that it isn't fast enough. I used a stupid little Perl
script to scan from 1-1024 as fast as possible and I got through them all
before the routing entry did a thing. Admittedly, the next scan returned
nothing. What good does this do if he's got another IP? He had the
chance to scan.

The other method of blocking is with ipfwadm... I was wondering
if this would be any faster? Or is sentry just too slow... if so, what
should I use?