From owner-freebsd-security Mon Aug 20 5:37:38 2001 Delivered-To: freebsd-security@freebsd.org Received: from obsecurity.dyndns.org (adsl-63-207-60-7.dsl.lsan03.pacbell.net [63.207.60.7]) by hub.freebsd.org (Postfix) with ESMTP id EED0B37B40C; Mon, 20 Aug 2001 05:37:27 -0700 (PDT) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 065A466D15; Mon, 20 Aug 2001 05:37:09 -0700 (PDT) Date: Mon, 20 Aug 2001 05:37:09 -0700 From: Kris Kennaway To: default - Subscriptions Cc: freebsd-questions@freebsd.org, freebsd-security@freebsd.org Subject: Re: Would like suggestion for an app to write IPFW rules... Message-ID: <20010820053709.A98564@xor.obsecurity.org> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="wRRV7LY7NUeQGEoC" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from default013subscriptions@hotmail.com on Mon, Aug 20, 2001 at 06:02:36AM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --wRRV7LY7NUeQGEoC Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Aug 20, 2001 at 06:02:36AM -0500, default - Subscriptions wrote: > Hi, >=20 > I am looking for something to enhance my IPFW firewall... (or would take = any > other firewall under consideration if there is one that comes suggested f= or > this type of application) I would like a suggestion on what would be a go= od > program to detect attacks such as DOSes, port scans, etc., that is capable > of writing IPFW on the fly to block the source of the attacks... >=20 > I believe that Snort can do this, but I am not very familiar with this ki= nd > of firewall so... Can be a dangerous idea, since it's usually trivial to spoof an "attack" coming from a critical server like your DNS servers, and cause your system to deny itself from the internet. If you have a 'default to deny' firewall and a sensible security policy for the remaining enabled ports then an active response doesn't really buy you anything anyway. Kris --wRRV7LY7NUeQGEoC Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7gQR1Wry0BWjoQKURAseWAJ0XtXxvjD1rY/I135Z/COv7BCA6cwCfV3Pp ak7x27UnKI6ZTBJEqeUnzG8= =40wr -----END PGP SIGNATURE----- --wRRV7LY7NUeQGEoC-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message