[Dshield] Weird portscan? (linux fw)

Micheal Patterson micheal at cancercare.net
Fri May 10 12:43:58 GMT 2002


Abacus Port Sentry will blackhole portscans if you configure it to do so.
It's not on by default but the option is available.

--

Micheal Patterson
Network Administration
Cancer Care Network


----- Original Message -----
From: "Stephane Grobety" <security at admin.fulgan.com>
To: "Clint Byrum" <list at dshield.org>
Sent: Friday, May 10, 2002 3:00 AM
Subject: Re[2]: [Dshield] Weird portscan? (linux fw)


> CB> I personally feel that if you are running any kind of services, not
just
> CB> clients, then the "automated blocking" features of some firewalls out
> CB> there is a bad thing. Spoofing is for real, and it is all too easy to
> CB> DoS huge portions of the net from your services just by randomly
> CB> portscanning you from spoofed addresses. This is, however, just my
> CB> opinion. Some people see this as an acceptable risk.
>
> I don't think any product will blacklist you for port scanning.
>
> BlackICE, for example, will do so only in case of real attempt and
> only if the protocol is TCP wich makes spoofing much, much more
> difficult (if not impossible).
>
> The only real problem is DNS which uses UDP.
>
>
> --
> Best regards,
>  Stephane                            mailto:security at admin.fulgan.com
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
>




More information about the list mailing list