On Fri, Nov 19, 2010 at 8:53 PM, Mark Foster <m...@foster.cc> wrote:
> http://sourceforge.net/projects/sentrytools/

OK, I was reading something more about the guides available on the internet, and here I found a useful page:
http://www.ossramblings.com/using_iptables_rate_limiting_to_prevent_portscans
but for the above link someone suggested to me:

"if you do go down this path then you should make sure you have TCP SYN cookies enabled (while understanding the implications), and that your rules match SYN packets specifically (not just packets in state NEW). Otherwise, you'd have created a brand new denial-of-service vulnerability on your server."

Is that correct? What is the harm in going the IPTABLES way of stopping port scans? (I have rate-limited IPTABLES.)

--
http://mightydreams.blogspot.com

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam