Nmap Announce mailing list archives
Re: how to know scan is correct?
From: Bennett Todd <bet () rahul net>
Date: Thu, 10 Feb 2000 10:47:11 -0500
2000-02-10-01:09:22 Justin:
That's why you have an iptables/whatever module that listens, looks for SYNs to non-open ports, logs once, then filters the offending IP/netmask for 30 minutes or a few days if you're particularly fascist.

If you're going to do any such reactive firewall stuff as this, make very sure nobody knows you're doing it; if they know you're doing that, it's amazingly easy for them to cut you off from any or all of the internet. Lessee, how long would it take to send SYN packets to closed ports with source addrs forged from all the root nameservers?

-Bennett
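The failure mode described in this message, and one way to bound it, as an added example that is not part of the original post: a reactive-block decision function that treats the source address of a bare SYN as unverified, so it refuses to block a never-block list and caps the size of the block table. All addresses, ports, thresholds and function names are constructed for illustration; documentation-range addresses stand in for real name servers and gateways.

```python
import ipaddress
from collections import defaultdict

# Constructed values (assumptions, not from the thread except the 30 minutes).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "198.51.100.53/32",  # stand-in for a DNS server the site depends on
    "192.0.2.1/32",      # stand-in for the upstream gateway
)]
OPEN_PORTS = {22, 80}    # ports that really are open on this host
THRESHOLD = 3            # SYNs to closed ports before reacting
BLOCK_SECONDS = 1800     # the 30 minutes mentioned in the thread
MAX_BLOCKS = 2           # cap so forged floods cannot grow the table

def protected(src):
    """True if src falls inside a network that must never be filtered."""
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in NEVER_BLOCK)

def decide(events):
    """events: (timestamp, src_ip, dst_port) tuples for inbound SYNs.
    Returns (blocks, refused): blocks maps src -> expiry time,
    refused lists (src, reason) for blocks that were not installed."""
    hits = defaultdict(int)
    blocks, refused = {}, []
    for ts, src, port in events:
        # Drop expired blocks first so a forged source is not cut off forever.
        for addr in [a for a, exp in blocks.items() if exp <= ts]:
            del blocks[addr]
        if port in OPEN_PORTS or src in blocks:
            continue
        hits[src] += 1
        if hits[src] < THRESHOLD:
            continue
        hits[src] = 0
        if protected(src):
            refused.append((src, "never-block list"))
        elif len(blocks) >= MAX_BLOCKS:
            refused.append((src, "block table full"))
        else:
            blocks[src] = ts + BLOCK_SECONDS
    return blocks, refused

# Constructed sample: one scanner, SYNs carrying the DNS stand-in's address
# as their source, one connection to an open port, and a probe after expiry.
SAMPLE = [
    (0, "203.0.113.7", 23), (1, "203.0.113.7", 111), (2, "203.0.113.7", 135),
    (3, "198.51.100.53", 23), (4, "198.51.100.53", 25), (5, "198.51.100.53", 110),
    (6, "203.0.113.8", 80),
    (2000, "203.0.113.7", 23),
]
```

The never-block list only protects the addresses on it; the expiry and the table cap are what limit the damage from forged sources that are not listed.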