[ILUG] Detecting a port scan attempt on my machine.
Paul J Collins
sneakums at zork.net
Tue Mar 6 12:48:25 GMT 2001
>>>>> "DOC" == Donncha O Caoimh <donncha.ocaoimh at tradesignals.com> writes:
DOC> Yup, my article on CLUG talks about this. You can make
DOC> Portsentry act as a black hole to portscanners. They simply
DOC> don't see the machine when it's port scanned! Some of the web
DOC> based portscanning sites recommend changing the default from
DOC> "deny"ing packets to "reject"ing packets which has
DOC> implications others can tell us about..
If you use REJECT, your host will return a destination unreachable,
thus betraying its presence. If you use DENY (now called DROP in
iptables/netfilter) it just vanishes.
"Pity has no place at my table."
-- Dr Hannibal Lecter
More information about the ILUG