Quoting Rodrigo Barbosa <rodrigobat_private>: > You are right, of course. The thing I'm attempting is to make them > hit my traps faster, so I can react faster. And, as I said, I don't > think we should use the same method everywhere. Sametime I use > DROP, sometimes I use tcp-reset and sometimes, icmp-replies. > > As far as I got from this discussion, every method is about as good > as the other. All have advantages and problems. The real question is > how to balance them all to have the most benefits of each one of them. > Care to comment on this one ? In this case, it may make sense to keep your traps on a honeypot box. I'm having a bit of a difficult time understanding exactly what you mean by 'hit my traps faster, so I can react faster'. React how? What would your reaction to a port scan be? If you cite an example, I'll probably have a much clearer idea about what kinds of traps you're talking about. :) -- Chris Shepherd --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu Jul 31 2003 - 07:54:54 PDT