IP Banning (Using IPFW)

David Scheidt dscheidt at panix.com
Sun Feb 5 15:55:14 PST 2006

On Sun, Feb 05, 2006 at 05:38:11PM -0500, fbsd_user wrote:
> You missed the whole meaning.
> Attackers only scan for the published service port numbers,
> that is what is meant by "portscan the box".
> Those high order port numbers are dynamically
> used during normal session conversation.
> So any response from those port numbers if an
> attacker scanned that high would be meaningless.
> Please check your facts before commenting.

Nonsense.  There may be some people that only scan well-known ports,
but it's much more common to scan every port on a machine.  If you're
running a server on a non-standard port, an attacker will find it.

