mailing list archives
Re: how to know scan is correct?
From: Mikael Olsson <mikael.olsson () enternet se>
Date: Fri, 11 Feb 2000 11:28:52 +0100
Bennett Todd wrote:
filter the offending ip/netmask for 30 minutes or a few days
If you're going to do any such reactive firewall stuff as this, make
very sure nobody knows you're doing it; if they know you're doing
that, it's amazingly easy for them to cut you off from any or all of
the internet. Lessee, how long would it take to send SYN packets to
closed ports with source addrs forged from all the root nameservers.
This is exactly what Watchguard Firebox does. I tried
to raise a question along the same lines on the firewalls
list some time ago, but got flames for responses:
"You fool, they've been doing this for years, and we've
never had any problems."
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 105 50 Fax: +46 (0)660 122 50
Mobile: +46 (0)70 248 00 33
WWW: http://www.enternet.se E-mail: mikael.olsson () enternet se