From owner-freebsd-questions@FreeBSD.ORG  Mon Feb  6 22:37:26 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 66AD816A420
	for <freebsd-questions@freebsd.org>;
	Mon,  6 Feb 2006 22:37:26 +0000 (GMT) (envelope-from atissita@btv.lv)
Received: from mail.4nets.lv (126-4.zlt1.4nets.lv [217.199.126.4])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E1FEF43D45
	for <freebsd-questions@freebsd.org>;
	Mon,  6 Feb 2006 22:37:24 +0000 (GMT) (envelope-from atissita@btv.lv)
Received: from localhost (4nets.lv [127.0.0.1])
	by mail.4nets.lv (Postfix) with ESMTP id 03442B3C027
	for <freebsd-questions@freebsd.org>;
	Tue,  7 Feb 2006 00:31:41 +0200 (EET)
Received: from mail.4nets.lv ([127.0.0.1])
	by localhost (mail.4nets.lv [127.0.0.1]) (amavisd-new,
	port 10024) with ESMTP
	id 17946-04 for <freebsd-questions@freebsd.org>;
	Tue,  7 Feb 2006 00:31:40 +0200 (EET)
Received: from localhost.net (unknown [217.199.123.35])
	by mail.4nets.lv (Postfix) with SMTP id 65EACB3C021
	for <freebsd-questions@freebsd.org>;
	Tue,  7 Feb 2006 00:31:40 +0200 (EET)
Date: Tue, 7 Feb 2006 00:40:22 +0200
From: Atis <atissita@btv.lv>
To: freebsd-questions@freebsd.org
Message-Id: <20060207004022.3e238768.atissita@btv.lv>
In-Reply-To: <20060205235513.GA20707@panix.com>
References: <5ceb5d550602051357r27f07864lb408168902a68e12@mail.gmail.com>
	<MIEPLLIBMLEEABPDBIEGIELNHMAA.fbsd_user@a1poweruser.com>
	<20060205235513.GA20707@panix.com>
X-Mailer: Sylpheed version 2.0.4 (GTK+ 2.8.10; i386-portbld-freebsd5.4)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new at 4nets.lv
Subject: Re: IP Banning (Using IPFW)
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Feb 2006 22:37:26 -0000

On Sun, 5 Feb 2006 18:55:13 -0500
David Scheidt <dscheidt@panix.com> wrote:

> 
> Nonsense.  There may be some people that only scan well-known ports,
> but it's much more common to scan every port on a machine.  If you're
> running a server on a non-standard port, an attacker will find it.
> 

sure, but 99% of the time the machines attacking your server are zombies
that do not care to do a full portscan. i suppose the purpose is to
find other misconfigured, easy-to-hack computers on the network. by
putting your services on non-standard ports you get rid of these
mindless drones and don't pollute log files with useless garbage.

now if somebody _does_ actually target your server in particular then
this is definitely not the solution.

anywayz, putting things on non-standard ports helps a lot, and is
one of the first and easiest security measures an administrator
may consider.


Atis