From owner-freebsd-questions Wed Jul 25 15:37:52 2001
Date: Wed, 25 Jul 2001 15:37:46 -0700
From: Mahlon Smith
To: GARGIULO Eduardo INGDESI
Cc: freebsd-questions@freebsd.org
Subject: Re: ipfw questions
Message-ID: <20010725153746.K2068@internetcds.com>

You can't really protect against port scanners without blocking the port entirely. There isn't much of a point to it anyway, you can't provide a service and show it as unavailable simultaneously.

However, you can be notified of who's doing it with 'snort' out of ports, and complain to their abuse dept. Sometimes it works.

Look into the dummynet features of ipfw to bandwidth limit icmp flooding at your router, works well.

If the windows boxes behind your router are still capable of being taken down by the ping of death... I think you probably have other issues that need worked out first. Like upgrading. (Unless there is a new one I don't know about, that exploit is about 6 years old)

-Mahlon

--
Mahlon Smith
InternetCDS
http://www.internetcds.com

On Wed, Jul 25, 2001, GARGIULO Eduardo INGDESI wrote:
> Hi all.
>
> I'm running 4.2-RELEASE and using tun0 to connect to Internet
> I'm looking for ipfw rules to protect my LAN against syn-floods,
> furtive port scanners and DoS, more exactly, ping of death.
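The dummynet suggestion in the reply above, sketched as an added example that is not part of the original message or the poster's own configuration. The interface `tun0` comes from the question; the 64Kbit/s rate, pipe number 1, rule number 400, queue length and the `limit_icmp` helper name are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: rate-limit inbound ICMP with an ipfw dummynet pipe.
# Assumed values: 64Kbit/s, pipe 1, rule 400, queue of 10 slots.
# The kernel needs "options IPFIREWALL" and "options DUMMYNET".

fwcmd="${fwcmd:-/sbin/ipfw}"    # set fwcmd=echo to print instead of apply

# limit_icmp IFACE BANDWIDTH [PIPE] [RULE]  (hypothetical helper name)
limit_icmp() {
    iface="$1"; bw="$2"; pipe="${3:-1}"; rule="${4:-400}"

    # Refuse anything that is not a plain interface name.
    case "$iface" in
        ''|*[!A-Za-z0-9]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    # Accept only the rate units dummynet understands.
    case "$bw" in
        [0-9]*bit/s|[0-9]*Byte/s) ;;
        *) echo "bad bandwidth: $bw" >&2; return 1 ;;
    esac

    # One fixed-rate pipe shared by all ICMP arriving on the outside
    # interface; the short queue makes excess packets drop early.
    $fwcmd pipe "$pipe" config bw "$bw" queue 10 &&
    # ipfw is first-match: this rule must be numbered lower than any
    # allow rule that would otherwise accept ICMP before it gets here.
    $fwcmd add "$rule" pipe "$pipe" icmp from any to any in recv "$iface"
}

# Apply only when invoked as: sh icmp-limit.sh apply [iface] [bandwidth]
if [ "${1:-}" = "apply" ]; then
    limit_icmp "${2:-tun0}" "${3:-64Kbit/s}"
fi
```

Running `ipfw pipe 1 show` afterwards shows the pipe's packet and drop counters, which is a quick way to see whether the limit is being hit.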