Re: how to know scan is correct?
From: Bennett Todd <bet () rahul net>
Date: Thu, 10 Feb 2000 10:47:11 -0500
> That's why you have an iptables/whatever module that listens and looks
> for SYNs to non-open ports, logs once, then filters the offending
> ip/netmask for 30 minutes or a few days if you're particularly
If you're going to do any such reactive firewall stuff as this, make
very sure nobody knows you're doing it; if they know you're doing
that, it's amazingly easy for them to cut you off from any or all of
the internet. Lessee, how long would it take to send SYN packets to
closed ports with source addrs forged from all the root nameservers?
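The self-inflicted denial of service described above, as an added simulation that is not code from the post: a reactive "block whoever SYNs a closed port" policy is fed one real probe and one packet whose source is forged to look like a resolver the host depends on, and the naive policy blocks both. The addresses are documentation-range placeholders, and `protected` / `require_handshake` are assumed mitigation knobs, not features of any particular firewall module.

```python
# Added example: reactive-blocking decision logic and why a forged SYN
# header must not be trusted as evidence of who sent it.
from dataclasses import dataclass, field

@dataclass
class SynEvent:
    src: str                       # source address as seen in the packet header
    dst_port: int
    handshake_done: bool = False   # True only if the TCP 3-way handshake completed

OPEN_PORTS = {22, 80}
BLOCK_SECONDS = 30 * 60            # "filters the offending ip ... for 30 minutes"

@dataclass
class ReactiveFirewall:
    protected: set = field(default_factory=set)    # never auto-blocked (resolvers, gateways)
    require_handshake: bool = False                # react only to traffic that proved its source
    blocked: dict = field(default_factory=dict)    # ip -> expiry time (seconds)

    def observe(self, ev: SynEvent, now: int) -> bool:
        """Process one SYN; return True if it caused ev.src to be blocked."""
        if ev.dst_port in OPEN_PORTS or ev.src in self.blocked:
            return False
        # A bare SYN proves nothing about its origin: the source field is
        # whatever the sender wrote. Only a completed handshake shows the
        # peer actually received our SYN/ACK at that address.
        if self.require_handshake and not ev.handshake_done:
            return False
        if ev.src in self.protected:
            return False
        self.blocked[ev.src] = now + BLOCK_SECONDS
        return True

    def is_blocked(self, ip: str, now: int) -> bool:
        return ip in self.blocked and self.blocked[ip] > now

# Constructed sample traffic (TEST-NET placeholders, not real hosts):
# a genuine probe of port 23, then a SYN forged to carry the resolver's address.
RESOLVER = "192.0.2.53"
PROBER = "203.0.113.7"
EVENTS = [SynEvent(PROBER, 23), SynEvent(RESOLVER, 23)]

def run(fw: ReactiveFirewall) -> dict:
    for ev in EVENTS:
        fw.observe(ev, now=0)
    return {"prober": fw.is_blocked(PROBER, 0), "resolver": fw.is_blocked(RESOLVER, 0)}
```

With the defaults `run()` blocks the resolver too; adding it to `protected` or setting `require_handshake=True` is what keeps a spoofed packet from cutting the host off.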