Barry Spindler on Thu, 8 Mar 2001 22:33:56 -0500


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] portmap and other things


On Thu, Mar 08, 2001 at 03:24:21PM -0500, gabriel rosenkoetter wrote:
> I still say that seeing what would have come *after* the portscan
> completed is more educational than seeing the portscan is, and you
> won't ever see that if you blackhole the host (because the attacker,
> automated or not, won't bother to try).

portsentry can be configured to NOT block attackers and just log it
(in fact, blocking is disabled by default in the Debian package).
This way the (possible) attack would be logged and then action could
be taken by an admin, another program, etc.


-- 


______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug