Security Incidents mailing list archives
Re: scan log and subsequent response from the host's ISP
From: sigipp () WELLA COM BR (sigipp () WELLA COM BR)
Date: Mon, 10 Jul 2000 09:56:40 -0300
Hi,
if so to reason,in short time all of domains will be blocked. It's no way ! We should make a dynamic mechanism for struggle with wreckers Do you have any ideas with ?
basically i already wrote about an idea about this. What about the following: 1. Accept a certain amount of scans. 2. If the amount of scans exceeds that, slow them down (put them in a lower priority queue) until the amount of scans again matches the acceptable maximum. 3. On amount of scans beeing under some minimum thresold, put them back into the normal priority queue. Or une step further to normality. Should be no problem with newer Linux kernels. Cisco routers should have a similar option. Greetings Siegfried Gipp
Current thread:
- Anyone ever heard of "rlumkaus" virus/bug/trojan/backdoor?, (continued)
- Anyone ever heard of "rlumkaus" virus/bug/trojan/backdoor? Litscher, Steven (Jul 21)
- Sudden increase in scans. Rune Kristian Viken (Jul 20)
- Re: Sudden increase in scans. Aaron Kelley (Jul 24)
- Wierd Windows 98 bug? Mark Collins (Jul 20)
- Port 38293 Tim H (Jul 21)
- Re: Port 38293 Talisker (Jul 22)
- Re: scan log and subsequent response from the host's ISP StrmShdw (Jul 08)
- Re: scan log and subsequent response from the host's ISP Pauel Loshkin (Jul 10)