On 2/9/06, Chris [EMAIL PROTECTED] wrote:
On 07/02/06, David Scheidt [EMAIL PROTECTED] wrote:
On Tue, Feb 07, 2006 at 12:40:22AM +0200, Atis wrote:
On Sun, 5 Feb 2006 18:55:13 -0500
David Scheidt [EMAIL PROTECTED] wrote:
Nonsense. There may be some people that only scan
On 07/02/06, David Scheidt [EMAIL PROTECTED] wrote:
On Tue, Feb 07, 2006 at 12:40:22AM +0200, Atis wrote:
On Sun, 5 Feb 2006 18:55:13 -0500
David Scheidt [EMAIL PROTECTED] wrote:
Nonsense. There may be some people that only scan well-known ports,
but it's much more common to scan
On Sun, 5 Feb 2006 18:55:13 -0500
David Scheidt [EMAIL PROTECTED] wrote:
Nonsense. There may be some people that only scan well-known ports,
but it's much more common to scan every port on a machine. If you're
running a server on a non-standard port, an attacker will find it.
sure, but
On Tue, Feb 07, 2006 at 12:40:22AM +0200, Atis wrote:
On Sun, 5 Feb 2006 18:55:13 -0500
David Scheidt [EMAIL PROTECTED] wrote:
Nonsense. There may be some people that only scan well-known ports,
but it's much more common to scan every port on a machine. If you're
running a server on
I was wondering if there's some sort of port available that can actively ban
IPs that try and bruteforce a service such as SSH or Telnet, by scanning the
/var/log/auth.log log for Regex such as Illegal User or LOGIN FAILURES,
and then using IPFW to essentially deny (ban) that IP for a certain
I find this kind of approach is treating the symptom and not the
cause.
The basic problem is the services have well published port numbers
and attackers beat on those known port numbers. A much simpler
approach is to change the standard port numbers to some high order
port number. See
On 2/5/06, fbsd_user [EMAIL PROTECTED] wrote:
I find this kind of approach is treating the symptom and not the
cause.
The basic problem is the services have well published port numbers
and attackers beat on those known port numbers. A much simpler
approach is to change the standard port
be meaningless.
Please check your facts before commenting.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Daniel A.
Sent: Sunday, February 05, 2006 4:58 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; Michael A. Alestock
Subject: Re: IP Banning (Using IPFW
: IP Banning (Using IPFW)
On 2/5/06, fbsd_user [EMAIL PROTECTED] wrote:
I find this kind of approach is treating the symptom and not the
cause.
The basic problem is the services have well published port numbers
and attackers beat on those known port numbers. A much simpler
approach
On Sun, Feb 05, 2006 at 05:38:11PM -0500, fbsd_user wrote:
You missed to whole meaning.
Attackers only scan for the published service port numbers,
that is what is meant by portscan the box.
Those high order port numbers are dynamically
used during normal session conversation.
So any
10 matches
Mail list logo