On Wed, May 15, 2002 at 06:19:00PM -0700, briareos@otherlands.net said: [snip]
On Wed, 15 May 2002, Johannes B. Ullrich wrote: [briareos@otherlands.net]
Even more, I would hate to see the advocation of a hostile reaction to what, so far, is not considered a crime.
I agree. Scanning is no crime. But blocking isn't a crime either.
Agreed. But this blocking still will do no good. My previous questions still stand. What about timing? What about breaking up segments of the network to be scanned by different hosts? How many hits on the linemines constitute blocking? Are you blocking hosts or networks? Either way, what about dynamic IPs? What about scans done from different networks other than that which the supposed attacker is originating from? Universities, unsecured wireless LANs, etc.
So because we can't implement a perfect solution, let's do nothing at all about the problem?
-- Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t Systems/Network Manager sfrancis@ [work:] t o n o s . c o m GPG public key 0xCB33CCA7 illum oportet crescere me autem minui