Security Incidents mailing list archives
Re: Ok, we've been scanned.. ..now what!
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Tue, 8 Aug 2000 13:43:04 -0400
On Mon, 07 Aug 2000 16:44:53 PDT, "Steven M. Klass" <sklass () ANDIGILOG COM> said:
this. I was thinking about possibly implementing a dynamic ipchains protocol that sees a scan and after n times blocks that idiot for a week or
portsentry is your friend. ;)
so, on all ports. Does anyone have such a beast that would like to share that with me? I also thought about more devious things, like nmaping the moron and flooding his available ports.. Fight fire with fire.. Any ideas?
This is a Bad Idea, especially if you get spoofed source addresses - if you accidentally nmap www.whitehouse.gov, you'll probably be having to explain yourself to guys in dark suits and no senses of humor. ;) -- Valdis Kletnieks Operating Systems Analyst Virginia Tech
Attachment:
_bin
Description:
Current thread:
- Ok, we've been scanned.. ..now what! Steven M. Klass (Aug 08)
- Re: Ok, we've been scanned.. ..now what! Ben Laws (Aug 09)
- Re: Ok, we've been scanned.. ..now what! Bill Pennington (Aug 09)
- Re: Ok, we've been scanned.. ..now what! Valdis Kletnieks (Aug 09)
- <Possible follow-ups>
- Re: Ok, we've been scanned.. ..now what! Robert Bussey (Aug 09)