Any astute admin would block the class C and contact the ISP, upon seeing multiple firewall entries from a particular address block. But adding to what you said in another post about portsentry only being a "part" of your security is exactly right. Portsentry can spit out warnings all day, but if you have no idea how to interpret the logs and how to rectify the problems, the software is useless. ;^) Brandon Wheaton UNIX Systems Engineer ValiCert, Inc. 1215 Terra Bella Ave. Mountain View, CA 94043 650.567.5430 ---- Computers are useless; they can only provide answers. ~Pablo Picasso -----Original Message----- From: H.P. Stroebel [mailto:hpstr@xxxxxxxxxxxxx] Sent: Wednesday, June 28, 2000 4:55 PM To: cobalt-users@xxxxxxxxxxxxxxx Subject: Re: [cobalt-users] installing ssh on raq2 and, portsentry does not really prevent portscans, it makes them a bit more difficult. if i know that you use portsentry, i use a dial-up connection with a mass provider, write a script that scans one port, and if it get`s blocked, it hangs up, dials again (other ip highly probable) and checks the next one. so a port scan takes half an hour instead of a minute... -- H. P. Ströbel PGP Digital Fingerprint : 58E0 6ECB 620A A689 E206 BCA8 300F BC45 6EEC F7C3 Yes, I do. But not Yahoo. _______________________________________________ cobalt-users mailing list cobalt-users@xxxxxxxxxxxxxxx To Subscribe or Unsubscribe, please go to: http://list.cobalt.com/mailman/listinfo/cobalt-users
Attachment:
smime.p7s
Description: S/MIME cryptographic signature