Date: Mon, 3 Oct 2005 23:03:47 -0300 From: AT Matik <asstec@matik.com.br> To: freebsd-ipfw@freebsd.org Subject: Re: Automatically add attacks to deny list? Message-ID: <200510032303.47805.asstec@matik.com.br> In-Reply-To: <200510040115.j941FmTm040763@banyan.cs.ait.ac.th> References: <200510031816.26658.nb_root@videotron.ca> <200510040115.j941FmTm040763@banyan.cs.ait.ac.th>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday 03 October 2005 22:15, Olivier Nicole wrote: > > Whenever someone tries a portscan or http server vulnerability scan on > > my=3D20 system, I have to manually add their ip in my /etc/ipfw.conf fi= le > > such as: add 100 deny all from xx.xxx.xxx.xxx to any > > so why you would do that at all? you have time left, ok , valid .. first without carefull analysis you may not have the real IP in your logs second, why block the IP you do not know if you real block "the guy" third, why block him at all, you tell him, I fear you and you had success, = go=20 on fucking me ... ))) fourth, if your server do not stand a scan then you better stay at home= =20 playing mahjong ((( fifth, you better let the attacker get to your website to buy the things yo= u=20 sell there, only stupid people close the door of their shop ... but probably you digged big holes already at the entrance of your street so= =20 that nobody can pass through anymore ;) but hpefully yo hint: best and cheapest firewall ever is cutting the wire :) Jo=E3o A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura. Service fornecido pelo Datacenter Matik https://datacenter.matik.com.br
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200510032303.47805.asstec>