--- In [email protected], Dirk Tilger <[EMAIL PROTECTED]> wrote:
>
> Thinking about it again, you can protect yourself against nmap scans by
> detecting the portscan (I'm sure there is sw around) and then closing
> all the ports for the scanning host.

Yeah, but that leaves the door open for potential DoS attacks when the
scans are being relayed through zombies and your brilliant piece of
software will block "innocent" hosts used as proxies for your scan.

I agree with Brad, I think it's just not worth the effort in IRL
situations. Just limit flooding and stuff like that and make sure your
applications behind the ports are up to date and patched with the
latest security patches.

Another thing I'd worry about more these days is the web applications
running on the web server. What good is a firewall when your buggy
PHP/ASP/Perl code exposes your system to the whole world? :)

--m
