Re: SSH IP Blocking

From: James Riden (s0197800@dai.ed.ac.uk)
Date: 04/18/02


From: James Riden <s0197800@dai.ed.ac.uk>
Date: 18 Apr 2002 17:04:42 +0100

Tim Haynes <usenet@stirfried.vegetable.org.uk> writes:

> You're going to get *FAR* more one-port single-SYN scans, or occasional
> SYN+FIN scans, and never hear from the IP# again. Unless you *really* know
> better, I suggest you're going to waste your firewall rules on folks who're
> never coming back - do let me know if you get anything like >1% repeat
> offenders, right?

If you don't mind blocks instead of individual IPs, t-online and
wanadoo are far above 1%.
 
cheers,
 Jamie

-- 
James Riden / james.riden@ed.ac.uk
My opinions are my own, not the University's.
"When in Rome; burn it." -- GCU Arbitrary