Security Incidents mailing list archives

Re: Ok, we've been scanned.. ..now what!

From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Tue, 8 Aug 2000 13:43:04 -0400

On Mon, 07 Aug 2000 16:44:53 PDT, "Steven M. Klass" <sklass () ANDIGILOG COM>  said:

this.  I was thinking about possibly implementing a dynamic ipchains
protocol that sees a scan and after n times blocks that idiot for a week or


portsentry is your friend. ;)

so, on all ports.  Does anyone have such a beast that would like to share
that with me?  I also thought about more devious things, like nmaping the
moron and flooding his available ports..  Fight fire with fire..  Any ideas?


This is a Bad Idea, especially if you get spoofed source addresses - if
you accidentally nmap www.whitehouse.gov, you'll probably be having to
explain yourself to guys in dark suits and no senses of humor. ;)

--
                                Valdis Kletnieks
                                Operating Systems Analyst
                                Virginia Tech

Attachment: _bin
Description:

Current thread:

Ok, we've been scanned.. ..now what! Steven M. Klass (Aug 08)
- Re: Ok, we've been scanned.. ..now what! Ben Laws (Aug 09)
- Re: Ok, we've been scanned.. ..now what! Bill Pennington (Aug 09)
- Re: Ok, we've been scanned.. ..now what! Valdis Kletnieks (Aug 09)
- <Possible follow-ups>
- Re: Ok, we've been scanned.. ..now what! Robert Bussey (Aug 09)