Re: Request for discussion on defending against specific Nmap TCP syn and version scans.

From: revnic@gmail.com
Date: Thu Mar 02 2006 - 03:15:56 EST

('binary' encoding is not supported, stored as-is) you could run a script that will grep access_log for exploit attempts and add those IPs in iptable's drop list.... also there is a patch for iptables that will slow down portscanning.
another thing you could do is change service's banner.

------------------------------------------------------------------------------
This List Sponsored by: Lancope

"Discover the Security Benefits of Cisco NetFlow"
Learn how Cisco NetFlow enables cost-effective security across distributed
enterprise networks. StealthWatch, the veteran Network Behavior Analysis (NBA)
and Response solution, leverages Cisco NetFlow to provide scalable,
internal network security.
Download FREE Whitepaper "Role of Network Behavior Analysis (NBA) and Response
Systems in the Enterprise."

http://www.lancope.com/resource/
------------------------------------------------------------------------------

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:35 EDT