Date: Mon, 20 Aug 2001 05:37:09 -0700 From: Kris Kennaway <kris@obsecurity.org> To: default - Subscriptions <default013subscriptions@hotmail.com> Cc: freebsd-questions@freebsd.org, freebsd-security@freebsd.org Subject: Re: Would like suggestion for an app to write IPFW rules... Message-ID: <20010820053709.A98564@xor.obsecurity.org> In-Reply-To: <OE41bNDN4CxpAOAkK5L00001305@hotmail.com>; from default013subscriptions@hotmail.com on Mon, Aug 20, 2001 at 06:02:36AM -0500 References: <OE41bNDN4CxpAOAkK5L00001305@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Mon, Aug 20, 2001 at 06:02:36AM -0500, default - Subscriptions wrote: > Hi, > > I am looking for something to enhance my IPFW firewall... (or would take any > other firewall under consideration if there is one that comes suggested for > this type of application) I would like a suggestion on what would be a good > program to detect attacks such as DOSes, port scans, etc., that is capable > of writing IPFW on the fly to block the source of the attacks... > > I believe that Snort can do this, but I am not very familiar with this kind > of firewall so... Can be a dangerous idea, since it's usually trivial to spoof an "attack" coming from a critical server like your DNS servers, and cause your system to deny itself from the internet. If you have a 'default to deny' firewall and a sensible security policy for the remaining enabled ports then an active response doesn't really buy you anything anyway. Kris [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7gQR1Wry0BWjoQKURAseWAJ0XtXxvjD1rY/I135Z/COv7BCA6cwCfV3Pp ak7x27UnKI6ZTBJEqeUnzG8= =40wr -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010820053709.A98564>