Hi,..
I read about this first thing this morning on my excite page. I saw Beacher's post then and thought about replying then, but it's been a busy day..
The server currently/routinely repels several probes every day. I'm rather unforgiving so probes that make full contact are blocked as soon as they happen.
I only run what is absolutely necessary and some services are on non-standard ports. If someone probes for one of those services on its standard port, the offending IP is blocked immediately and the server sends me a report, also immediately. I try hard to keep required services patched as insecurities are identified.
I don't mistake these probes for actual hack attempts...those have been pretty rare although there have been a few. I'm always on at least a "yellow" stage alert here. My logic is that probes are often sent by hackers looking for access. Blocking the probing IP won't keep that hacker from getting to the server because true hackers will have huge numbers of IPs they can access, but it they stupidly keep probing, they keep getting blocked. A serious hacker will have methods for gaining access that don't start with probes. So, I maintain a certain level of paranoia, a deligent patching regimen, a backup, and a close eye.
I don't think this supposed upcoming "hack fest" is anything especially unique or even new. It's a tough, sometimes nasty world out there. I'll be watching though..with helmet and battle shields at the ready.
Bill, I'm borrowing your line for one post..
see me. -->
