Steve Lamb wrote:
> Gnu-Raiz wrote:
> > People like me rely on the ISP for their DHCP IP address, so
> > why would an ISP allow their routers to forward port scans to
> > their own IP address net blocks?
>
> Because, strictly speaking, port scans are harmless. Ooooh, you have
> open ports. Scary!
>
> Furthermore define a port scan vs. legitimate traffic where you get no
> false positives. Not as easy as it sounds.

I agree, portscans themselves are not the main problem. My original
problem was extremely often repeating ssh brute force attacks (almost
all the time for many days). I just looked into the IANA port number
table for free ports and moved the sshd port to a high port number >
20000. Now the brute forcing has stopped. Of course, this does not
really increase the security of ssh, but it keeps the logs way cleaner
and shorter. Now I just get mail from logcheck about real user logins. I
learned that I could use portsentry to protect against portscans, which
should make things much more difficult for potential attackers. I didn't
yet install portsentry because I don't have the time to read the docs
and I don't think it is really necessary. Maybe I will do it just out of
curiosity to learn about the technology of portscan detection when I
find the time.

Greetings,
Thomas