This is a really retarded thing to do. I will spoof a scan from the IP address of your gateway for example and you will fall off the internet =). Automatic reaction to attacks is very tricky to do right. -Kurt ----- Original Message ----- From: "patric illi" To: Sent: Friday, May 25, 2001 2:48 AM Subject: [suse-security] Detect a portscan attac

Cheers List !

I am thinking about a solution to disallow access to my server for all those who have made a portscan. I would like to insert their IP's into the /etc/host.deny file.

Does anybody know a way how to detect whether someone does a portscan ?

would be kind !

cheers & thx in advanced

patric illi

--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

You want to block all ppl who scan U ... I think that's right ...there is an easy way with snort, guardian and IPChains (IPTables) ... the both/three programs work together very nice, and guardian changes your IPChain-Rules automatically to block user. Just add a rule, that portscanning user should be blocked ... that's all ... Greetings Am Freitag, 25. Mai 2001 10:48 schrieben Sie:

Cheers List !

I am thinking about a solution to disallow access to my server for all those who have made a portscan. I would like to insert their IP's into the /etc/host.deny file.

Does anybody know a way how to detect whether someone does a portscan ?

would be kind !

cheers & thx in advanced

patric illi

--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com