* use kernels with the CONFIG_EXPLOIT_DETECTION turned on (either rolling their own or using a distro's enabled kernel)
* have systems that are likely to be probed by script-kiddies
* want to know if they're being probed
* watch their logs
Now, that isn't everyone - but it's a lot of people, including me. Even if I discover the probing after the fact, there's a good chance that the script-kiddie won't clean the logs, so I can then shut the system down and restore from a good backup.
So I for one think this is a good idea.