Of course, the "Black hole" effect lasts only until the machine is rebooted.
From then on, the input packets are denied by hosts.deny rules...

> -----Original Message-----
> From: Bret Hughes [SMTP:[EMAIL PROTECTED]]
> Sent: Monday, January 22, 2001 1:12 PM
> To:   [EMAIL PROTECTED]
> Subject:      Re: Ramen worm & port activity
> 
> Harry Putnam wrote:
> 
> > "Michael H. Warfield" <[EMAIL PROTECTED]> writes:
> >
> > >       My systems detect port scanning and simply shut down the firewall
> > > to the scanner.  My entire /19 address space goes dark and the automated
> > > scanner leaves with the conclusion that there is nothing there.  It
> > > finds nothing to log and wanders on into the night.  :-)
> >
> > Can you describe this `shut down' process.   Especially if it is
> > simple as you say, maybe describe in detail how to accomplish this.
> 
> I use portsentry to do this.  With the Advanced Stealth mode or whatever it
> is called, if a scan occurs on a port assigned to an unused service,
> portsentry will add it to the hosts.deny and add an ipchains rule denying
> all packets from the sender.
> 
> Bret
> 
> 
> 
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
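
Added example, not part of the original thread and not portsentry's own code: a boot-time helper that closes the gap described at the top of this message by reading the addresses still listed in hosts.deny and printing the ipchains commands that would restore the packet-level DENY rules. It assumes portsentry's "ALL: <ip>" hosts.deny entries and the ipchains command form from its sample KILL_ROUTE setting; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: print (not run) the ipchains commands needed at boot to put
# back the DENY rules for hosts that are still listed in hosts.deny.
# Assumptions: entries look like "ALL: <ipv4>" and the firewall command is the
# ipchains form from portsentry's sample KILL_ROUTE setting.
TAB=$(printf '\t')

is_ipv4() {
    # Strict dotted quad only, so no other text reaches a command line.
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

restore_rules() {
    # $1 = path to hosts.deny; one command per unique, valid address.
    seen=" "
    while IFS=" $TAB:" read -r daemon client rest || [ -n "$daemon" ]; do
        [ "$daemon" = ALL ] || continue                   # blanket entries only
        case $rest in ''|'#'*) ;; *) continue ;; esac     # no extra fields
        is_ipv4 "$client" || continue
        case $seen in *" $client "*) continue ;; esac     # skip duplicates
        seen="$seen$client "
        printf '/sbin/ipchains -I input -s %s -j DENY -l\n' "$client"
    done < "$1"
}

sample_hosts_deny() {
    # Constructed sample input (documentation address ranges).
    cat <<'EOF'
# hosts.deny (constructed sample)
ALL: 192.0.2.10
ALL: 198.51.100.7
ALL: 192.0.2.10
ALL: 203.0.113.5;x
in.telnetd: 203.0.113.9
ALL: 999.1.1.1
EOF
}

demo=$(mktemp)
sample_hosts_deny > "$demo"
restore_rules "$demo"      # review the output before feeding it to a shell
rm -f "$demo"
```

Only the two well-formed, unique addresses produce commands; the duplicate, the malformed entry, the per-service entry and the out-of-range address are skipped.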


