Re: Scan of TCP 552-554
From: Chris Shepherd (chriss whstuart.com)
Date: Thu Jul 31 2003 - 07:42:27 CDT
Quoting Rodrigo Barbosa <rodrigob suespammers.org>:
> You are right, of course. The thing I'm attempting is to make them
> hit my traps faster, so I can react faster. And, as I said, I don't
> think we should use the same method everywhere. Sometimes I use
> DROP, sometimes I use tcp-reset and sometimes, icmp-replies.
>
> As far as I got from this discussion, every method is about as good
> as the other. All have advantages and problems. The real question is
> how to balance them all to have the most benefits of each one of them.
> Care to comment on this one ?
In this case, it may make sense to keep your traps on a honeypot box. I'm having
a bit of a difficult time understanding exactly what you mean by 'hit my traps
faster, so I can react faster'. React how? What would your reaction to a port
scan be? If you cite an example, I'll probably have a much clearer idea about
what kinds of traps you're talking about. :)
--
Chris Shepherd