Regarding to Solar Designer (1999) it is not a good idea to block access to a IP address based on port scan. Port scan can be easily spoofed by generating 1000 of requests to a target with 999 spoofed source addresses and only one real one. This type of attach makes impossible
Archive for the ‘Intrusion Detection’ Category
Ban IP address based on port scan detection
Posted: 22nd July 2009 by as in Computer Security, Intrusion Detection, Intrusion Detection ToolsComments Off