port scan detection on server

Tapas Mishra mightydreams at gmail.com
Sat Nov 20 12:10:36 UTC 2010

On Fri, Nov 19, 2010 at 8:53 PM, Mark Foster <mark at foster.cc> wrote:
> http://sourceforge.net/projects/sentrytools/
Ok I was reading some thing more about guides available on internet
here I found a useful page
but for the above link some one suggested me

"if you do go down this path then you should make sure you have TCP
SYN cookies enabled (while understanding the implications), and that
your rules match SYN packets specifically (not just packets in state
NEW). Otherwise, you'd have created a brand new denial-of-service
vulnerability on your server."

Is that correct?
What is the harm in going the IPTABLES way of stopping port scans.(I
have rate limited IPTABLES)

More information about the ubuntu-server mailing list