Re: iptables Timed Port Block?
From: Kasper Dupont (kasperd@daimi.au.dk)
Date: 02/27/03
From: Kasper Dupont <kasperd@daimi.au.dk>
Date: Thu, 27 Feb 2003 21:10:04 +0100
Tantor wrote:
>
> What I want to be able to do is open port 21 and as soon as a computer scans
> that port I want something that reads its ip and drop all further packets
> from that person for x amount of time. Since nothing is using port 21 if
> something does scan it then I have to assume that it's for an attack of
> some kind, so I figure it would be a good idea to just block everything from
> that IP for a while.
Sounds like a bad idea. You are making yourself vulnerable to DoS attacks.
And notice that unless you install a honeypot or something similar on the
port, you will never know if the packet is really a part of an attack, or
just a result from a typo, misconfiguration, or other mistake.
-- 
Kasper Dupont -- who spends too much time on usenet.
For sending spam use mailto:aaarep@daimi.au.dk
for(_=52;_;(_%5)||(_/=5),(_%5)&&(_-=2))putchar(_);
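
Added example, not part of the original post: a small Python model of the proposed timed block, showing the DoS risk the reply warns about and two safeguards. The class and function names, the 600-second timeout, the 192.0.2.10 admin host and the use of port 22 as the legitimate service are all assumptions made for illustration.

```python
import ipaddress

TRAP_PORT = 21        # the unused port from the question
BLOCK_SECONDS = 600   # "x amount of time"; the value is an assumption


class TimedBlocklist:
    """Drop everything from a source for a while after it touches the trap port."""

    def __init__(self, allowlist=(), require_handshake=False):
        self.allow = [ipaddress.ip_network(n) for n in allowlist]
        self.require_handshake = require_handshake
        self.blocked_until = {}  # source IP -> expiry time in seconds

    def _allowlisted(self, src):
        return any(ipaddress.ip_address(src) in net for net in self.allow)

    def handle(self, now, src, dport, handshake_done=False):
        """Return 'DROP' or 'ACCEPT' for one packet seen at time `now`."""
        if self.blocked_until.get(src, 0) > now:
            return "DROP"
        self.blocked_until.pop(src, None)  # forget an expired entry
        if dport == TRAP_PORT:
            # A lone SYN proves nothing about who sent it; only a completed
            # handshake ties the packet to the claimed source address.
            verified = handshake_done or not self.require_handshake
            if verified and not self._allowlisted(src):
                self.blocked_until[src] = now + BLOCK_SECONDS
            return "DROP"
        return "ACCEPT"


def replay(fw, packets):
    """Run constructed packets through a blocklist and collect the verdicts."""
    return [fw.handle(*p) for p in packets]


# Constructed traffic: (time, claimed source, destination port, handshake done).
# 192.0.2.10 stands in for a host that must keep reaching port 22.
PACKETS = [
    (0, "192.0.2.10", 22, False),    # normal session
    (10, "192.0.2.10", 21, False),   # single unverified packet to the trap port
    (20, "192.0.2.10", 22, False),   # normal session again
    (700, "192.0.2.10", 22, False),  # after the block would have expired
]

if __name__ == "__main__":
    print("naive  :", replay(TimedBlocklist(), PACKETS))
    print("guarded:", replay(TimedBlocklist(["192.0.2.10/32"], True), PACKETS))
```

In the naive run the admin host is locked out at t=20 by one packet it may never have sent; with an allowlist and a handshake requirement the same traffic passes.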