Harry Putnam wrote:
> "Michael H. Warfield" <[EMAIL PROTECTED]> writes:
>
> > My systems detect port scanning and simply shut down the firewall
> > to the scanner. My entire /19 address space goes dark and the automated
> > scanner leaves with the conclusion that there is nothing there. It
> > finds nothing to log and wanders on into the night. :-)
>
> Can you describe this `shut down' process. Especially if it is
> simple as you say, maybe describe in detail how to accomplish this.
I use portsentry to do this. With the Advanced Stealth mode or what ever it
is called, if a scan occurs on a port assigned to an unused service
portsentry will add it to the hosts.deny and add an ipchains rule denying all
packets from the sender.
Bret
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
