From owner-freebsd-questions@FreeBSD.ORG  Sun Feb  5 23:55:14 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: questions@freebsd.org
Delivered-To: freebsd-questions@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4FB6C16A420
	for <questions@freebsd.org>; Sun,  5 Feb 2006 23:55:14 +0000 (GMT)
	(envelope-from dscheidt@panix.com)
Received: from mail1.panix.com (mail1.panix.com [166.84.1.72])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 04BB143D45
	for <questions@freebsd.org>; Sun,  5 Feb 2006 23:55:13 +0000 (GMT)
	(envelope-from dscheidt@panix.com)
Received: from panix2.panix.com (panix2.panix.com [166.84.1.2])
	by mail1.panix.com (Postfix) with ESMTP id E1E4E58AB4;
	Sun,  5 Feb 2006 18:55:12 -0500 (EST)
Received: (from dscheidt@localhost)
	by panix2.panix.com (8.11.6p3/8.8.8/PanixN1.1) id k15NtDa16052;
	Sun, 5 Feb 2006 18:55:13 -0500 (EST)
Date: Sun, 5 Feb 2006 18:55:13 -0500
From: David Scheidt <dscheidt@panix.com>
To: fbsd_user <fbsd_user@a1poweruser.com>
Message-ID: <20060205235513.GA20707@panix.com>
References: <5ceb5d550602051357r27f07864lb408168902a68e12@mail.gmail.com>
	<MIEPLLIBMLEEABPDBIEGIELNHMAA.fbsd_user@a1poweruser.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <MIEPLLIBMLEEABPDBIEGIELNHMAA.fbsd_user@a1poweruser.com>
User-Agent: Mutt/1.5.10i
Cc: "Daniel A." <ldrada@gmail.com>, questions@freebsd.org,
	"Michael A. Alestock" <michaela@maa-net.net>
Subject: Re: IP Banning (Using IPFW)
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Feb 2006 23:55:14 -0000

On Sun, Feb 05, 2006 at 05:38:11PM -0500, fbsd_user wrote:
> 
> You missed to whole meaning.
> Attackers only scan for the published service port numbers,
> that is what is meant by "portscan the box".
> Those high order port numbers are dynamically
> used during normal session conversation.
> So any response from those port numbers if an
> attacker scanned that high would be meaningless.
> Please check your facts before commenting.

Nonsense.  There may be some people that only scan well-known ports,
but it's much more common to scan every port on a machine.  If you're
running a server on a non-standard port, an attacker will find it.