> It works fine for me, though. No complaints from Analog, and it was the
Take a look at the other reports. Do they still make sense?
> see how many tries one host has had on a specific port, which is (IMHO)
I think it is not relevant how many tries one host had. The experienced guys use optimized portscanners and have just one try per port, but many tries which is shown in the host report.
The current worms and script kiddies just try the same ports (currently DNS, portmap and FTP) and are blocked.
> five different machines connecting on telnet. Then you can see who does it
> the most.
That makes sense.
The best thing would be showing it both ways. I think I can activate another report for it, e.g. fake the source host/requested port in the Browser field. But there would be no DNS resolution for that (like in your blocked port report).
-- _________________________________________________________________ Balázs Bárány balazs~AT~tud.at http://tud.at ICQ 10747763 Computers. You can't live with them, you can't live without them.
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 22:22:03 CEST