On Thu, 06 Jul 2000 16:02:19 EDT, "Richard A. Steenbergen" said:
binding a range of IPs on it, to look for at least the "obvious" scans. I suspect not as many people as you would think are qualified to setup and accurately use this kind of system (the number of stupid and paranoid people who will complain about innocent behavior is almost as high as the number of stupid and unconcerned people out there who will be compromised).
Oh, I'm quite aware of how shallow the talent pool out there is - hell, if I got asked to review the SANS ddos roadmap white paper and top-ten list, there can't be THAT much kloo out there. ;) I get enough complaints from ZoneAlarm users who think that our NTP servers are scanning their ports 13, 37, and 137... ;) -- Valdis Kletnieks Operating Systems Analyst Virginia Tech