on 11/8/01 2:37 PM, Karel Jennings at [EMAIL PROTECTED] wrote: > Hello, I was recently working on a remote server, playing with mysql. > Anyway. I wanted to see what ports were open, and nmaped the box.:) They > machine had portsentry running, and it dropped my connection *AND* put my ip > in the hosts.deny. Isn't this a little bit harsh? Or is it good practise? My > IDS at home bans for a couple days, but not infintely. that got me > thinking.. what is the better practise? > > > as a side note, I have my firewall/router blocking pings. That seems to have > reduced the triggering the IDS.. is this just following the premise that the > scriptkiddies won't touch what they can't see? > > Ciao! > > Karel > > By placing any ip address that probes you into host.deny, leaves you wide open to DOS attacks.
-Jason