Nmap Announce mailing list archives
Re: how to know scan is correct?
From: Mikael Olsson <mikael.olsson () enternet se>
Date: Fri, 11 Feb 2000 11:28:52 +0100
Bennett Todd wrote:
2000-02-10-01:09:22 Justin:filter the offending ip/netmask for 30 minutes or a few daysIf you're going to do any such reactive firewall stuff as this, make very sure nobody knows you're doing it; if they know you're doing that, it's amazingly easy for them to cut you off from any or all of the internet. Lessee, how long would it take to send SYN packets to closed ports with source addrs forged from all the root nameservers.
This is exactly what Watchguard Firebox does. I tried to raise a question along the same lines on the firewalls list some time ago, but got flames for responses: "You fool, they've been doing this for years, and we've never had any problems." Hrmph. -- Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK Phone: +46 (0)660 105 50 Fax: +46 (0)660 122 50 Mobile: +46 (0)70 248 00 33 WWW: http://www.enternet.se E-mail: mikael.olsson () enternet se
Current thread:
- Re: how to know scan is correct? Marcy Abene (Feb 09)
- Re: how to know scan is correct? Justin (Feb 09)
- Re: how to know scan is correct? Bennett Todd (Feb 10)
- Re: how to know scan is correct? Justin (Feb 11)
- Re: how to know scan is correct? Bart van Leeuwen (Feb 11)
- Re: how to know scan is correct? Mikael Olsson (Feb 11)
- Re: how to know scan is correct? Bennett Todd (Feb 10)
- Re: how to know scan is correct? Bart van Leeuwen (Feb 10)
- Re: how to know scan is correct? Eric Hankins (Feb 11)
- Re: how to know scan is correct? Justin (Feb 09)
- Re: how to know scan is correct? $eeweed (Feb 10)
- Re: how to know scan is correct? Enrico Demarin (Feb 11)