17 May
2002
17 May
'02
3:50 a.m.
On Thu, 16 May 2002, Dragos Ruiu wrote:
But that said. Blackholing as a response for portscanning is stupid. If you are a small communications end-point it's dumb. Just run portsentry for a while with auto-firewall rules if you need convincing. If you are a communications service provider providing packet transit for others (even employees), it's hostile.
What if you are portscanned repeatedly by a network and that network refuses to shut down their scanners even after being asked many times (eg, rogue chinese and korean networks) I think that you should leave network policy up to the service provider to decide. -Dan -- [-] Omae no subete no kichi wa ore no mono da. [-]