Hello, I was recently working on a remote server, playing with mysql. Anyway. I wanted to see what ports were open, and nmaped the box.:) They machine had portsentry running, and it dropped my connection *AND* put my ip in the hosts.deny. Isn't this a little bit harsh? Or is it good practise? My IDS at home bans for a couple days, but not infintely. that got me thinking.. what is the better practise?
as a side note, I have my firewall/router blocking pings. That seems to have reduced the triggering the IDS.. is this just following the premise that the scriptkiddies won't touch what they can't see? Ciao! Karel
