Date: Mon, 20 Aug 2001 05:37:09 -0700 From: Kris Kennaway <kris@obsecurity.org> To: default - Subscriptions <default013subscriptions@hotmail.com> Cc: freebsd-questions@freebsd.org, freebsd-security@freebsd.org Subject: Re: Would like suggestion for an app to write IPFW rules... Message-ID: <20010820053709.A98564@xor.obsecurity.org> In-Reply-To: <OE41bNDN4CxpAOAkK5L00001305@hotmail.com>; from default013subscriptions@hotmail.com on Mon, Aug 20, 2001 at 06:02:36AM -0500 References: <OE41bNDN4CxpAOAkK5L00001305@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--wRRV7LY7NUeQGEoC Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Aug 20, 2001 at 06:02:36AM -0500, default - Subscriptions wrote: > Hi, >=20 > I am looking for something to enhance my IPFW firewall... (or would take = any > other firewall under consideration if there is one that comes suggested f= or > this type of application) I would like a suggestion on what would be a go= od > program to detect attacks such as DOSes, port scans, etc., that is capable > of writing IPFW on the fly to block the source of the attacks... >=20 > I believe that Snort can do this, but I am not very familiar with this ki= nd > of firewall so... Can be a dangerous idea, since it's usually trivial to spoof an "attack" coming from a critical server like your DNS servers, and cause your system to deny itself from the internet. If you have a 'default to deny' firewall and a sensible security policy for the remaining enabled ports then an active response doesn't really buy you anything anyway. Kris --wRRV7LY7NUeQGEoC Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7gQR1Wry0BWjoQKURAseWAJ0XtXxvjD1rY/I135Z/COv7BCA6cwCfV3Pp ak7x27UnKI6ZTBJEqeUnzG8= =40wr -----END PGP SIGNATURE----- --wRRV7LY7NUeQGEoC-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010820053709.A98564>