"Mike Vanecek" <[EMAIL PROTECTED]> wrote: > I then have the choice of putting that ip address (or > range) into a permanent ip firewall block.
Are you using IPCHAINS to block the IPs, your router or something else? How many IPs or subnets are you blocking at any given time and do you find that affects performance? My philosophy is generally to only block IPs for a short period of time (hours or days). I base that on my experience that most portscans and hacking attempts are from dialup IPs or rooted machines so the threat from those IPs after a short period of time seems to be much less. Any thoughts? -- Steve Werby President, Befriend Internet Services LLC http://www.befriend.com/ _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
