Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 20 Aug 2001 05:37:09 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        default - Subscriptions <default013subscriptions@hotmail.com>
Cc:        freebsd-questions@freebsd.org, freebsd-security@freebsd.org
Subject:   Re: Would like suggestion for an app to write IPFW rules...
Message-ID:  <20010820053709.A98564@xor.obsecurity.org>
In-Reply-To: <OE41bNDN4CxpAOAkK5L00001305@hotmail.com>; from default013subscriptions@hotmail.com on Mon, Aug 20, 2001 at 06:02:36AM -0500
References:  <OE41bNDN4CxpAOAkK5L00001305@hotmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help

--wRRV7LY7NUeQGEoC
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Aug 20, 2001 at 06:02:36AM -0500, default - Subscriptions wrote:
> Hi,
>=20
> I am looking for something to enhance my IPFW firewall... (or would take =
any
> other firewall under consideration if there is one that comes suggested f=
or
> this type of application) I would like a suggestion on what would be a go=
od
> program to detect attacks such as DOSes, port scans, etc., that is capable
> of writing IPFW on the fly to block the source of the attacks...
>=20
> I believe that Snort can do this, but I am not very familiar with this ki=
nd
> of firewall so...

Can be a dangerous idea, since it's usually trivial to spoof an
"attack" coming from a critical server like your DNS servers, and
cause your system to deny itself from the internet.  If you have a
'default to deny' firewall and a sensible security policy for the
remaining enabled ports then an active response doesn't really buy you
anything anyway.

Kris

--wRRV7LY7NUeQGEoC
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7gQR1Wry0BWjoQKURAseWAJ0XtXxvjD1rY/I135Z/COv7BCA6cwCfV3Pp
ak7x27UnKI6ZTBJEqeUnzG8=
=40wr
-----END PGP SIGNATURE-----

--wRRV7LY7NUeQGEoC--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010820053709.A98564>