On 8/3/05, Gideon N. Guillen <[EMAIL PROTECTED]> wrote: > Anything >= 1024 I guess. <1024 are usually standard ports used by > many services, so you might have false positives (attacks).
But if they become sophisticated, they could fast scan for TCP ports with the SSH signature. I think it's best to just drop the connection at the kernel (iptables) level except from trusted IPs. _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
