[plug] Active response IDSs?

bob bob at fots.org.au
Sat Aug 3 11:05:31 WST 2002


On Sat, 2002-08-03 at 03:03, Craig Foster wrote:
> If you want to block people doing scans, you can use portsentry, where
> not-very-nice-people get sent to an iptables or ipchains DENY...

Yep, thats more or less what I wanted.
 
> Just make sure that VERY trusted machines are excluded, such as your
> routers and mail servers, just in case someone tries spoofing your
> router (very funny results - not)

Good point.
 
> Craig F.

Thanks for the feedback.
 
-- 
bob
Cave canem...te necet lingendo.



More information about the plug mailing list