[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] PortSentry 2.0b1 Beta released
- Subject: Re: [cobalt-security] PortSentry 2.0b1 Beta released
- From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
- Date: Thu, 11 Apr 2002 13:18:19 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
"Mike Vanecek" <clist.mtv@xxxxxxxxxxxx> wrote:
> I then have the choice of putting that ip address (or
> range) into a permanent ip firewall block.
Are you using IPCHAINS to block the IPs, your router or something else? How
many IPs or subnets are you blocking at any given time and do you find that
affects performance? My philosophy is generally to only block IPs for a
short period of time (hours or days). I base that on my experience that
most portscans and hacking attempts are from dialup IPs or rooted machines
so the threat from those IPs after a short period of time seems to be much
less. Any thoughts?
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/