[ previous ] [ next ] [ threads ]
 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  "Monowall User List" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] automatic change of ip when possible hacker...
 Date:  Mon, 21 Jan 2008 19:27:42 -0500
On Jan 21, 2008 1:10 PM, Dennis Karlsson <dennis at denniskarlsson dot com> wrote:
> I don't see the initial problem? Is port probing an issue at all?

No, it really isn't. People tend to think it is, but aside from rare
cases of systems that crash from port scanning (with m0n0wall at the
perimeter, you don't have to worry about that), it's completely
harmless. Any smart attacker isn't going to all out port scan you,
it's too noisy. And he'll send attacks from a different IP than the
one used for reconnaissance. If you get owned by someone stupid enough
to run a port scan and then send an attack from the same IP, you have
some serious security issues that blocking IPs of port scanners isn't
going to resolve.