[Dshield] Weird portscan? (linux fw)
micheal at cancercare.net
Fri May 10 12:43:58 GMT 2002
Abacus Port Sentry will blackhole portscans if you configure it to do so.
It's not on by default but the option is available.
Cancer Care Network
----- Original Message -----
From: "Stephane Grobety" <security at admin.fulgan.com>
To: "Clint Byrum" <list at dshield.org>
Sent: Friday, May 10, 2002 3:00 AM
Subject: Re: [Dshield] Weird portscan? (linux fw)
> CB> I personally feel that if you are running any kind of services, not
> CB> clients, then the "automated blocking" features of some firewalls out
> CB> there is a bad thing. Spoofing is for real, and it is all too easy to
> CB> DoS huge portions of the net from your services just by randomly
> CB> portscanning you from spoofed addresses. This is, however, just my
> CB> opinion. Some people see this as an acceptable risk.
> I don't think any product will blacklist you for port scanning.
> BlackICE, for example, will do so only in case of real attempt and
> only if the protocol is TCP wich makes spoofing much, much more
> difficult (if not impossible).
> The only real problem is DNS which uses UDP.
> Best regards,
> Stephane mailto:security at admin.fulgan.com
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
More information about the list