On Tue, Jun 27, 2006 at 02:38:06PM -0500, Travis H. wrote:
> There's some discussion there as to the wisdom of this, since scans
> are trivially spoofed, it could lead to a DoS.

I'm usually on the side against blocking. My reasons, more or less in
order:

* It wastes time and resources
* Possible DoS situations
* It's ineffective (see below)

Anyone really serious about getting into your site probably will be
scanning with a botnet. You can block 30 machines, but they still find
out what they wanted to know and use yet other machines to mount their
attacks.

I have not been attacked, but I've seen the onslaught of botnet scans
(scans of a certain type occurring within a short time from diverse
places).

My conclusion is that your time is best spent securing the network and
individual boxes, and less time blocking drive-by shooters (who won't be
back anyway). YMMV.

-- 
Darrin Chandler            |  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |
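
The pattern described in the message above (one type of scan arriving from many different sources within a short time) can be recognised by correlating across sources instead of counting per source. The following is an added example, not part of the original message; the record layout, function names, thresholds and sample addresses are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample records: (epoch seconds, source IP, destination port).
# Addresses come from documentation ranges (RFC 5737); this is not real log data.
def sample_events():
    events = []
    # 30 distinct sources each probe port 22 once, two seconds apart.
    for i in range(30):
        events.append((1000 + 2 * i, f"198.51.100.{i + 1}", 22))
    # Background: one host making ordinary repeated connections to port 80.
    for i in range(10):
        events.append((1000 + 7 * i, "192.0.2.10", 80))
    # A single noisy source walking through 25 ports in quick succession.
    for i in range(25):
        events.append((1100 + i, "203.0.113.5", 1000 + i))
    return sorted(events)

def per_source_offenders(events, max_ports=20):
    """Per-source rule: flag a source that touches more than max_ports distinct ports."""
    ports = defaultdict(set)
    for _, src, dport in events:
        ports[src].add(dport)
    return {src for src, seen in ports.items() if len(seen) > max_ports}

def distributed_scans(events, window=120, min_sources=10):
    """Flag ports probed by >= min_sources distinct sources within `window` seconds.

    Returns {port: largest number of distinct sources seen inside one window}.
    """
    recent = defaultdict(deque)  # dport -> (ts, src) pairs still inside the window
    flagged = {}
    for ts, src, dport in events:
        q = recent[dport]
        q.append((ts, src))
        while q and q[0][0] < ts - window:
            q.popleft()
        sources = {s for _, s in q}
        if len(sources) >= min_sources:
            flagged[dport] = max(flagged.get(dport, 0), len(sources))
    return flagged

if __name__ == "__main__":
    ev = sample_events()
    print("per-source rule flags:", per_source_offenders(ev))
    print("cross-source correlation flags:", distributed_scans(ev))
```

On the constructed data the per-source rule flags only the single noisy host, while the 30 one-probe sources show up only when events are grouped by destination port and time window.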
