Automatically add attacks to deny list?
AT Matik
asstec at matik.com.br
Mon Oct 3 19:04:15 PDT 2005
On Monday 03 October 2005 22:15, Olivier Nicole wrote:
> > Whenever someone tries a portscan or http server vulnerability scan on
> > my=20 system, I have to manually add their ip in my /etc/ipfw.conf file
> > such as: add 100 deny all from xx.xxx.xxx.xxx to any
> >
so why you would do that at all?
you have time left, ok , valid ..
first without carefull analysis you may not have the real IP in your logs
second, why block the IP you do not know if you real block "the guy"
third, why block him at all, you tell him, I fear you and you had success, go
on fucking me ...
))) fourth, if your server do not stand a scan then you better stay at home
playing mahjong (((
fifth, you better let the attacker get to your website to buy the things you
sell there, only stupid people close the door of their shop ...
but probably you digged big holes already at the entrance of your street so
that nobody can pass through anymore ;) but hpefully yo
hint: best and cheapest firewall ever is cutting the wire :)
João
A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura.
Service fornecido pelo Datacenter Matik https://datacenter.matik.com.br
More information about the freebsd-ipfw
mailing list