Date:      Mon, 20 Aug 2001 16:28:21 +0200
From:      Mark Rowlands <mark.rowlands@minmail.net>
To:        Kris Kennaway <kris@obsecurity.org>, default - Subscriptions <default013subscriptions@hotmail.com>
Cc:        freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject:   Re: Would like suggestion for an app to write IPFW rules...
Message-ID:  <01082016282101.04869@pcmarpxy.tninet.se>
In-Reply-To: <20010820053709.A98564@xor.obsecurity.org>
References:  <OE41bNDN4CxpAOAkK5L00001305@hotmail.com> <20010820053709.A98564@xor.obsecurity.org>

On Monday 20 August 2001 14:37, Kris Kennaway wrote:
> On Mon, Aug 20, 2001 at 06:02:36AM -0500, default - Subscriptions wrote:
> > Hi,
> >
> > I am looking for something to enhance my IPFW firewall... (or would take
> > any other firewall under consideration if there is one that comes
> > suggested for this type of application) I would like a suggestion on what
> > would be a good program to detect attacks such as DOSes, port scans,
> > etc., that is capable of writing IPFW on the fly to block the source of
> > the attacks...
> >
> > I believe that Snort can do this, but I am not very familiar with this
> > kind of firewall so...
>
> Can be a dangerous idea, since it's usually trivial to spoof an
> "attack" coming from a critical server like your DNS servers, and
> cause your system to deny itself from the internet.  If you have a
> 'default to deny' firewall and a sensible security policy for the
> remaining enabled ports then an active response doesn't really buy you
> anything anyway.
>
> Kris

 but it feels soooooo good :-)

seriously though......active response ....bad...you really have no idea 
whether you are hitting a bad guy or an innocent dupe or even yourself 
without very big exclude lists....and those will need maintaining ...ussch. 

snort is very good, it does not actively respond although there is a plugin 
you can use for that and it is very easy to deploy and comes with some very 
nice analysis tools these days. 
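
The exclude-list gate this reply describes, as an added example that is not part of the original message or of any Snort plugin: every alert source is checked against a maintained list of critical addresses before an `ipfw` deny rule is even proposed. The addresses (documentation ranges), the rule-number base, the rule cap and the function name `decide` are assumptions made for illustration.

```python
import ipaddress

# Constructed exclude list: documentation ranges stand in for real
# infrastructure that must never be blocked, however the alert looks.
EXCLUDE = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8",       # loopback: never block ourselves
    "192.0.2.53/32",     # hypothetical DNS resolver
    "192.0.2.1/32",      # hypothetical default gateway
    "198.51.100.0/24",   # hypothetical management network
)]

def decide(src, active, exclude=EXCLUDE, rule_base=20000, max_rules=100):
    """Decide what to do with one alert source address.

    Returns ("skip", reason) or ("block", ipfw_command). `active` maps
    already-blocked addresses to rule numbers and is updated on a block.
    """
    try:
        addr = ipaddress.ip_address(src.strip())
    except ValueError:
        return ("skip", "unparseable source address")
    # A spoofed "attack" from a critical host must not cut us off from it.
    for net in exclude:
        if addr in net:
            return ("skip", f"excluded by {net}")
    key = str(addr)
    if key in active:
        return ("skip", f"already blocked by rule {active[key]}")
    # Assumption: cap the rule count so a flood of forged sources cannot
    # grow the ruleset without bound.
    if len(active) >= max_rules:
        return ("skip", "block table full")
    rule = rule_base + len(active)
    active[key] = rule
    return ("block", f"ipfw add {rule} deny ip from {addr} to any")

if __name__ == "__main__":
    table = {}
    # Constructed alert sources, including a forged one from the resolver.
    for source in ("203.0.113.7", "192.0.2.53", "203.0.113.7", "bogus"):
        print(source, "->", decide(source, table))
```

The commands are only returned as strings here; nothing is passed to `ipfw`, so the decisions can be reviewed or logged before any rule is installed.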
