North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Re: "portscans" (was Re: Arbor Networks DoS defense product)
> RD> I think that's pretty stupid. If I had my network admin investigate every > RD> portscan, my staff costs would go up 10x and I'd quickly go bankrupt. > RD> Instead we keep our servers very secure, and spend the time and effort > RD> only when there is evidence of a break in. > > I didn't say investigate every portscan, I said assume every portscan > is hostile. There is a big difference. So you assume it's hostile and do what? Automatically block the source IP? If you do that then you open up a bigger DOS hole. Then if someone sends a bunch of SYN scans with the source address spoofed as your upstream transit providers' BGP peering IP, poof! you're gone.