
Re: [cobalt-users] how do the hackers find your Raq?



At 05:31 23-5-2001 -0400, you wrote:
 It's a good question.
>
> > but how do the hackers find your
> > vulnerable Raq?  Do they just scan a whole whack of IPs and hope some of
> > them are cobalt machines?
>
> A lot of them scan IP ranges, check for open and ports and check for known

this is why you want to have portsentry installed...  it helps to keep you
off of databases of machine types....

Portsentry will not protect you against 90% of the scriptkiddies (and worms) around. All the scriptkiddies scan with synscan from www.psychoid.lam3rz.de, and that scanner just scans class A/B/C networks for one open port (definable), and will check the service that is running on that port for versions. Yes, you can scan multiple ports at a time, but that way it will only scan the whole network for one port, and after that for another. So it's not checking multiple ports on one host at a time. That way portsentry will not block it. Scanning multiple ports on one host draws too much attention, so the scriptkiddies will never use that. Real hackers also have distributed portscanners that will portscan a machine with a different IP for every port. For advanced Linux users I would suggest using snort IDS (www.snort.org) with ACIDCert as graphical/mysql backend.
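
The three scan shapes described in the message above, as an added detection example that is not part of the original message and is not portsentry or snort code. The events, addresses (documentation ranges) and thresholds are constructed assumptions, and a real deployment would also bound each count by a time window.

```python
from collections import defaultdict

# Constructed sample events: (src_ip, dst_ip, dst_port). Not real traffic.
SWEEP = [("198.51.100.7", f"192.0.2.{h}", 21) for h in range(1, 41)]  # one port, many hosts
VERTICAL = [("198.51.100.9", "192.0.2.5", p) for p in (21, 22, 23, 25, 80, 110)]
DISTRIBUTED = [(f"203.0.113.{i}", "192.0.2.8", p)  # new source address for every port
               for i, p in enumerate((21, 22, 23, 25, 80, 110), start=1)]
EVENTS = SWEEP + VERTICAL + DISTRIBUTED


def _group(events, key, value):
    """Collect the distinct `value`s seen for each `key`."""
    groups = defaultdict(set)
    for ev in events:
        groups[key(ev)].add(value(ev))
    return groups


def per_host_trigger(events, min_ports=5):
    """Simplified per-host rule: one source touching many ports on ONE host."""
    g = _group(events, lambda e: (e[0], e[1]), lambda e: e[2])
    return {k for k, ports in g.items() if len(ports) >= min_ports}


def horizontal_sweeps(events, min_hosts=20):
    """Network-wide rule: one source touching the SAME port on many hosts."""
    g = _group(events, lambda e: (e[0], e[2]), lambda e: e[1])
    return {k for k, hosts in g.items() if len(hosts) >= min_hosts}


def distributed_targets(events, min_ports=5):
    """Hosts probed on many ports in total, whatever the source address."""
    g = _group(events, lambda e: e[1], lambda e: e[2])
    return {dst for dst, ports in g.items() if len(ports) >= min_ports}


if __name__ == "__main__":
    print("per-host trigger :", per_host_trigger(EVENTS))
    print("horizontal sweeps:", horizontal_sweeps(EVENTS))
    print("distributed      :", sorted(distributed_targets(EVENTS)))
```

Only the network-wide views see the single-port sweep and the many-source probe; the per-host rule fires solely on the six-port scan from one address.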