Automatically add attacks to deny list?

AT Matik asstec at matik.com.br
Mon Oct 3 19:04:15 PDT 2005


On Monday 03 October 2005 22:15, Olivier Nicole wrote:
> > Whenever someone tries a portscan or http server vulnerability scan on
> > my system, I have to manually add their ip in my /etc/ipfw.conf file
> > such as: add 100 deny all from xx.xxx.xxx.xxx to any
> >

so why would you do that at all?

you have time left, ok, valid ..

first, without careful analysis you may not have the real IP in your logs

second, why block the IP, you do not know if you really block "the guy"

third, why block him at all, you tell him, I fear you and you had success, go 
on fucking me ...

))) fourth, if your server does not stand a scan then you better stay at home
playing mahjong (((

fifth, you better let the attacker get to your website to buy the things you 
sell there, only stupid people close the door of their shop ...

but probably you dug big holes already at the entrance of your street so
that nobody can pass through anymore ;) but hopefully yo

hint: best and cheapest firewall ever is cutting the wire :)

João









More information about the freebsd-ipfw mailing list