On Tue, Aug 29, 2006 at 05:50:56PM +0200, [EMAIL PROTECTED] wrote:

> block drop in log quick on $ext_if os NMAP overload <nmapscanners> flush

This is a bad idea, because nmap scans can be trivially spoofed (nmap provides a command line option to do this), resulting in a simple denial of service attack. We have the overload table for tcp connections because the handshake makes us reasonably confident that the packets are not spoofed.
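
An added example, not part of the original message: a pf.conf fragment that fills an overload table only from sources that have completed the TCP handshake, which is the case the reply says the overload table exists for. The interface name, table name, port and thresholds are assumptions chosen for illustration.

```pf
# Assumed interface name; replace with the real external interface.
ext_if = "em0"

# Table filled by the overload option below (name is an assumption).
table <abusers> persist

# Drop everything from sources already placed in the table.
block drop in quick on $ext_if from <abusers>

# max-src-conn and max-src-conn-rate count only connections that have
# completed the three-way handshake, so a source address is added to
# <abusers> only after it has proven it can receive our SYN+ACK.
# A forged source address never gets that far and cannot be used to
# get a third party blocked.
pass in on $ext_if proto tcp from any to any port ssh flags S/SA keep state \
    (max-src-conn 20, max-src-conn-rate 10/30, overload <abusers> flush global)

# By contrast, a rule keyed on "os NMAP" matches the fingerprint of a
# single inbound SYN, which carries no proof of the sender's address.
```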