[Dshield] Weird portscan? (linux fw)

Stephane Grobety security at admin.fulgan.com
Fri May 10 08:00:51 GMT 2002


CB> I personally feel that if you are running any kind of services, not just
CB> clients, then the "automated blocking" features of some firewalls out
CB> there is a bad thing. Spoofing is for real, and it is all too easy to
CB> DoS huge portions of the net from your services just by randomly
CB> portscanning you from spoofed addresses. This is, however, just my
CB> opinion. Some people see this as an acceptable risk.

I don't think any product will blacklist you for port scanning.

BlackICE, for example, will do so only in case of real attempt and
only if the protocol is TCP wich makes spoofing much, much more
difficult (if not impossible).

The only real problem is DNS which uses UDP.


-- 
Best regards,
 Stephane                            mailto:security at admin.fulgan.com




More information about the list mailing list