Date: Tue, 7 Feb 2006 00:40:22 +0200 From: Atis <atissita@btv.lv> To: freebsd-questions@freebsd.org Subject: Re: IP Banning (Using IPFW) Message-ID: <20060207004022.3e238768.atissita@btv.lv> In-Reply-To: <20060205235513.GA20707@panix.com> References: <5ceb5d550602051357r27f07864lb408168902a68e12@mail.gmail.com> <MIEPLLIBMLEEABPDBIEGIELNHMAA.fbsd_user@a1poweruser.com> <20060205235513.GA20707@panix.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 5 Feb 2006 18:55:13 -0500 David Scheidt <dscheidt@panix.com> wrote: > > Nonsense. There may be some people that only scan well-known ports, > but it's much more common to scan every port on a machine. If you're > running a server on a non-standard port, an attacker will find it. > sure, but 99% of the time the machines attacking your server are zombies that do not care to do a full portscan. i suppose the purpose is to find other misconfigured, easy-to-hack computers on the network. by putting your services on non-standard ports you get rid of these mindless drones and don't pollute log files with useless garbage. now if somebody _does_ actually target your server in particular then this is definitely not the solution. anywayz, putting things on non-standard ports helps a lot, and is one of the first and easiest security measures an administrator may consider. Atis
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060207004022.3e238768.atissita>