Date: 02 Jun 2004 21:35:45 -0600
From: Ed Stover <estover@nativenerds.com>
To: freebsd-ipfw@freebsd.org
Subject: Re: freebsd-ipfw Digest, Vol 62, Issue 1
Message-ID: <1086233744.12655.1477.camel@Macinlinuz>
In-Reply-To: <20040531190055.AE76716A4DB@hub.freebsd.org>
References: <20040531190055.AE76716A4DB@hub.freebsd.org>
Me personally, I would implement black holing. Want to give the impression
that your machine is not turned on. IPFW can deny the packets but black
holing will completely drop them.

1. Edit your /etc/sysctl.conf
   a. add these lines

      net.inet.tcp.blackhole=2
      net.inet.udp.blackhole=1

These will modify your OS fingerprint and only syn scans will work and they
will work real slow.

On Mon, 2004-05-31 at 13:00, freebsd-ipfw-request@freebsd.org wrote:
> Send freebsd-ipfw mailing list submissions to
> 	freebsd-ipfw@freebsd.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> or, via email, send a message with subject or body 'help' to
> 	freebsd-ipfw-request@freebsd.org
>
> You can reach the person managing the list at
> 	freebsd-ipfw-owner@freebsd.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of freebsd-ipfw digest..."
>
>
> Today's Topics:
>
>    1. newbie question (El DaEm0n)
>    2. Re: newbie question (Chuck Swiger)
>    3. Re: newbie question (El DaEm0n)
>    4. Re: newbie question (Chuck Swiger)
>    5. Current problem reports assigned to you (FreeBSD bugmaster)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 31 May 2004 00:05:13 +0000
> From: "El DaEm0n" <jackass_wasa@hotmail.com>
> Subject: newbie question
> To: freebsd-ipfw@freebsd.org
> Message-ID: <BAY12-F80XNdGPB0BgB0001dfc7@hotmail.com>
> Content-Type: text/plain; charset=iso-8859-1; format=flowed
>
> hi guys, i have a question how can i made with IPW show portscan that my
> system is down?
>
> _________________________________________________________________
> MSN Photos: the easiest way to share and print photos.
> http://photos.msn.es/support/worldwide.aspx
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 31 May 2004 12:46:11 -0400
> From: Chuck Swiger <cswiger@mac.com>
> Subject: Re: newbie question
> To: El DaEm0n <jackass_wasa@hotmail.com>
> Cc: freebsd-ipfw@freebsd.org
> Message-ID: <40BB6153.5050604@mac.com>
> Content-Type: text/plain; charset=us-ascii; format=flowed
>
> El DaEm0n wrote:
> > hi guys, i have a question how can i made with IPW show portscan that
> > my system is down?
>
> Disconnect the ethernet cable?
> "ipfw add 10 deny ip from any to any"
>
> ...a little more context would help us give a more useful answer.
>
> --
> -Chuck
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 31 May 2004 17:22:36 +0000
> From: "El DaEm0n" <jackass_wasa@hotmail.com>
> Subject: Re: newbie question
> To: freebsd-ipfw@freebsd.org
> Message-ID: <BAY12-F77L4Sxsew2gI0003c448@hotmail.com>
> Content-Type: text/plain; charset=iso-8859-1; format=flowed
>
> ok my problem is when i made a portscan to my server in another pc it
> revealed my open ports, so all i wanna do is when i made a ports scan from
> another pc to my server mi IPFW show to portscan that my system appears
> down,
>
> i see this in other systems using PF but i wanna know how to make using
> IPFW
> can you help?
>
> thanks!
>
>
> >El DaEm0n wrote:
> >>hi guys, i have a question how can i made with IPW show portscan that my
> >>system is down?
> >
> >Disconnect the ethernet cable?
> >"ipfw add 10 deny ip from any to any"
> >
> >...a little more context would help us give a more useful answer.
> >
> >--
> >-Chuck
>
> _________________________________________________________________
> MSN Photos: the easiest way to share and print photos.
> http://photos.msn.es/support/worldwide.aspx
>
>
> ------------------------------
>
> Message: 4
> Date: Mon, 31 May 2004 13:58:00 -0400
> From: Chuck Swiger <cswiger@mac.com>
> Subject: Re: newbie question
> To: El DaEm0n <jackass_wasa@hotmail.com>
> Cc: freebsd-ipfw@freebsd.org
> Message-ID: <40BB7228.904@mac.com>
> Content-Type: text/plain; charset=us-ascii; format=flowed
>
> El DaEm0n wrote:
> > ok my problem is when i made a portscan to my server in another pc it
> > revealed my open ports, so all i wanna do is when i made a ports scan
> > from another pc to my server mi IPFW show to portscan that my system
> > appears down,
>
> You probably want to use something like this, from "man ipfw":
>
>      The typical use of dynamic rules is to keep a closed firewall configura-
>      tion, but let the first TCP SYN packet from the inside network install a
>      dynamic rule for the flow so that packets belonging to that session will
>      be allowed through the firewall:
>
>            ipfw add check-state
>            ipfw add allow tcp from my-subnet to any setup keep-state
>            ipfw add deny tcp from any to any
>
> Going beyond these examples to a meaningful firewall configuration involves
> thinking about your security policy, considering roles and required services,
> etc....
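The sysctl step Ed describes is easy to get wrong by hand: appending a second `net.inet.tcp.blackhole=` line to /etc/sysctl.conf leaves the file ambiguous about which value wins at the next boot. The following POSIX sh helper is an added example, not code from this thread or from the FreeBSD project; it sets a key in a sysctl.conf-style file idempotently (replacing an existing line rather than duplicating it), applies the two settings from the reply, and reads them back so the state can be checked. Function names (`set_sysctl`, `get_sysctl`, `apply_blackhole`, `check_blackhole`) and the file path argument are assumptions of this example. A caveat for anyone relying on it: `net.inet.tcp.blackhole=2` and `net.inet.udp.blackhole=1` only change how the kernel answers for ports that are closed (no RST, no ICMP port unreachable); a service that is actually listening still completes the handshake, so the ipfw deny or stateful rules Chuck quotes are what hide the open ports.

```shell
#!/bin/sh
# Added example: idempotently persist the blackhole sysctls from the reply
# in a sysctl.conf-style file and read them back for verification.

# set_sysctl FILE KEY VALUE
# Replace an existing "KEY=..." line in FILE, or append one if absent.
# Uses a temp file instead of sed -i so it runs on any POSIX sh.
set_sysctl() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || : > "$file"
    if grep -q "^${key}=" "$file"; then
        tmp=$(mktemp) || return 1
        sed "s|^${key}=.*|${key}=${value}|" "$file" > "$tmp" && mv "$tmp" "$file"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# get_sysctl FILE KEY
# Print the value recorded for KEY in FILE (last occurrence wins, as the
# boot-time sysctl loader would apply lines in order); empty if unset.
get_sysctl() {
    file=$1 key=$2
    sed -n "s|^${key}=||p" "$file" | tail -n 1
}

# apply_blackhole FILE
# Record the two settings from the reply:
#   net.inet.tcp.blackhole=2  drop any TCP segment to a closed port (no RST)
#   net.inet.udp.blackhole=1  drop UDP to a closed port (no ICMP unreachable)
apply_blackhole() {
    set_sysctl "$1" net.inet.tcp.blackhole 2 &&
    set_sysctl "$1" net.inet.udp.blackhole 1
}

# check_blackhole FILE
# Exit 0 if FILE records both settings with the recommended values, else 1.
# Useful as a configuration-audit check on a host that should be black-holing.
check_blackhole() {
    [ "$(get_sysctl "$1" net.inet.tcp.blackhole)" = "2" ] &&
    [ "$(get_sysctl "$1" net.inet.udp.blackhole)" = "1" ]
}

# Typical use on the FreeBSD host itself (as root), then load the values
# into the running kernel without waiting for a reboot:
#   apply_blackhole /etc/sysctl.conf
#   sysctl net.inet.tcp.blackhole=2 net.inet.udp.blackhole=1
#   check_blackhole /etc/sysctl.conf && echo "blackhole settings persisted"
```

Running `apply_blackhole` twice leaves exactly one line per key, and `check_blackhole` gives a scriptable yes/no for an audit of many hosts; the function reads the file, not the live kernel, so pair it with `sysctl -n net.inet.tcp.blackhole` when you also want to confirm the running value.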