RE: port scan detected
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 19 Aug 2003 13:58:36 -0500
Ni Brian,
Nor should you. Blocking addresses that scan you is like shooting at
cars that drive past your home and look at your windows and front door.
:-) Be aware of the attempt, but you'll end up making a critical error
sooner or later if you block addresses without putting some intelligence
behind the block.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
<http://tinyurl.com/1llp>
-----Original Message-----
From: Rogers, Brian [mailto:RogersB@xxxxxxxxxxxxxx]
Sent: Tuesday, August 19, 2003 1:23 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: port scan detected
http://www.ISAserver.org
I simply don't have time to add a new filter for each and every
ip address that scans the firewall.
Perhaps if it would allow you to create a list of them you could
update...but creating a single packet filter for every scan ive gotten
would take me hours.
-----Original Message-----
From: Mark Hopkins [mailto:Mark.Hopkins@xxxxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, August 19, 2003 2:10 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: port scan detected
http://www.ISAserver.org
Personally, I figure that a port scan on my site is someone up
to no good, and I ban the IP address (inbound). If the IP address if
resolvable and I can contact the owner, I will attempt to do so. If the
owner takes appropriate action (to my liking), I remove the packet
filter. Lately I seem to be getting a couple of scans per week. Perhaps
I should ban all incoming traffic! :-) :-) :-)
Mark
Other related posts:
