Date: Wed, 9 Jun 2004 22:48:31 -0700 From: Kris Kennaway <kris@obsecurity.org> To: Khoi Dinh <khoi@oddworld.com> Cc: freebsd-stable@freebsd.org Subject: Re: Port scan detection in ipfw2 Message-ID: <20040610054831.GA81567@xor.obsecurity.org> In-Reply-To: <HZ2RNN00.Q1Y@luskan.oddworld.com> References: <HZ2RNN00.Q1Y@luskan.oddworld.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--u3/rZRmxL6MmkK24 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jun 09, 2004 at 09:11:46PM -0700, Khoi Dinh wrote: > Hi All, >=20 > This is a repost and I was hoping there might be a solution to this. I w= as > wondering if ipfw2 has the ability to detect port scan like iptables with > the psd module. I'm looking for a kernel-based solution, not app-based l= ike > portsentry. Also, is ipfw2 able to allow/disallow traffic according to > time? ie. If I wanted to allow http traffic only from 9am to 1pm, can I do > this with ipfw? I've been looking all over the net looking for a solution > but haven't found one and was hoping that someone on the list could help = me > out, even if the answer is "no, there are no such kernel-based features." The kernel is the wrong place for these features, and they can be implemented straightforwardly in userland. Kris --u3/rZRmxL6MmkK24 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAx/YvWry0BWjoQKURAu+lAKDXti/wZwutpzdU33UlK22WLHI0QACeKzXA Lt8TqJFFFhaIRwDs+JS+iiQ= =KGsE -----END PGP SIGNATURE----- --u3/rZRmxL6MmkK24--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040610054831.GA81567>