Hello,
> It works fine for me, though. No complaints from Analog, and it was the
Take a look at the other reports. Do they still make sense?
> see how many tries one host has had on a specific port, which is (IMHO)
I think it is not relevant how many tries one host had. The experienced guys
use optimized portscanners and have just one try per port, but many tries
which is shown in the host report.
The current worms and script kiddies just try the same ports (currently DNS,
portmap and FTP) and are blocked.
> five different machines connecting on telnet. Then you can see who does it
> the most.
That makes sense.
The best thing would be showing it both ways. I think I can activate another
report for it, e.g. fake the source host/requested port in the Browser
field. But there would be no DNS resolution for that (like in your blocked
port report).
Regards
-- _________________________________________________________________ Balázs Bárány balazs~AT~tud.at http://tud.at ICQ 10747763 Computers. You can't live with them, you can't live without them.
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 22:22:03 CEST