> If the firewall is being monitored the way that it should be, the longer it
> takes for the cracker to get in, the more time you will have to react to
> the problem. The logs should be monitored several times a day. This can
> tell you whether or not someone is trying to get in. By extending the time
> that it would take for them to scan all of the ports, you will have a much
> better chance of stopping them before they get in.
There is an alternative train of though that it doesn't really pay to
monitor port scans, it takes too much time and resources, and if you've
got 'em blocked anyway, who cares?
I'll agree that it pays to monitor the ports that you do NOT have blocked,
but who cares about scans on the networks, hosts or services that are
US Sprint tel: 703.689.6828
Managed Network Engineering internet: paul @
Reston, Virginia USA http://www.sprintmrn.com