[Dshield] Weird portscan? (linux fw)

Micheal Patterson micheal at cancercare.net
Fri May 10 12:43:58 GMT 2002

Abacus Port Sentry will blackhole portscans if you configure it to do so.
It's not on by default but the option is available.


Micheal Patterson
Network Administration
Cancer Care Network

----- Original Message -----
From: "Stephane Grobety" <security at admin.fulgan.com>
To: "Clint Byrum" <list at dshield.org>
Sent: Friday, May 10, 2002 3:00 AM
Subject: Re[2]: [Dshield] Weird portscan? (linux fw)

> CB> I personally feel that if you are running any kind of services, not
> CB> clients, then the "automated blocking" features of some firewalls out
> CB> there is a bad thing. Spoofing is for real, and it is all too easy to
> CB> DoS huge portions of the net from your services just by randomly
> CB> portscanning you from spoofed addresses. This is, however, just my
> CB> opinion. Some people see this as an acceptable risk.
> I don't think any product will blacklist you for port scanning.
> BlackICE, for example, will do so only in case of real attempt and
> only if the protocol is TCP wich makes spoofing much, much more
> difficult (if not impossible).
> The only real problem is DNS which uses UDP.
> --
> Best regards,
>  Stephane                            mailto:security at admin.fulgan.com
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:

More information about the list mailing list