Date: Thu, 10 Jun 2004 15:59:38 -0400
From: Chuck Swiger <cswiger@mac.com>
To: khoi@oddworld.com
Cc: freebsd-stable@freebsd.org
Subject: Re: Port scan detection in ipfw2
Message-ID: <40C8BDAA.9040301@mac.com>
In-Reply-To: <HZ2RNN00.Q1Y@luskan.oddworld.com>
References: <HZ2RNN00.Q1Y@luskan.oddworld.com>

Khoi Dinh wrote:
> This is a repost and I was hoping there might be a solution to this. I was
> wondering if ipfw2 has the ability to detect port scan like iptables with
> the psd module. I'm looking for a kernel-based solution, not app-based like
> portsentry.

ipfw performs packet inspection and it can certainly recognize the traffic
associated with a port scan, yes. The kernel provides support for limiting the
generation of ICMP error messages, which is what happens when someone port
scans a bunch of closed ports. What else did you want to do?

> Also, is ipfw2 able to allow/disallow traffic according to
> time? ie. If I wanted to allow http traffic only from 9am to 1pm, can I do
> this with ipfw?

IPFW and IPFW2 have no notion of time, but one could very easily use cron to
change your firewall rulesets at specific times in order to accomplish what
you've asked for.

-- 
-Chuck
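
The cron approach described in the reply above, as an added example that is not part of the original message: a script that cron runs at the window edges and at boot to add or remove one ipfw2 allow rule for HTTP. The rule number 1000, the script path, and a base ruleset that otherwise denies inbound port 80 are assumptions.

```shell
#!/bin/sh
# Added example: time-windowed HTTP rule for ipfw2, driven by cron.
# Assumptions (not from the original message): rule number 1000, the
# 09:00-13:00 window taken from the question, and a base ruleset that
# denies inbound port 80 unless this rule is present.

RULE_NUM=1000
OPEN_HOUR=9                  # first hour in which HTTP is allowed
CLOSE_HOUR=13                # first hour in which HTTP is blocked again
IPFW=${IPFW:-/sbin/ipfw}     # set IPFW="echo ipfw" for a dry run

# Print "open" or "closed" for an hour given as 0-23 or 00-23.
window_state() {
    hour=${1#0}                  # "09" -> "9", so it is never read as octal
    [ -n "$hour" ] || hour=0     # a bare "0" becomes empty after stripping
    if [ "$hour" -ge "$OPEN_HOUR" ] && [ "$hour" -lt "$CLOSE_HOUR" ]; then
        echo open
    else
        echo closed
    fi
}

# Bring the ruleset in line with the wanted state. Deleting first makes the
# call idempotent: repeated runs never stack duplicate copies of the rule.
apply_state() {
    $IPFW -q delete "$RULE_NUM" 2>/dev/null || true
    if [ "$1" = "open" ]; then
        # "me" (any address of this host) is an ipfw2 keyword.
        $IPFW -q add "$RULE_NUM" allow tcp from any to me 80
    fi
}

# root crontab entries (hypothetical script path):
#   0 9,13 * * * /usr/local/sbin/http_window.sh apply
#   @reboot      /usr/local/sbin/http_window.sh apply
# The @reboot entry restores the correct state if the host restarts
# in the middle of the window.
if [ "${1:-}" = "apply" ]; then
    apply_state "$(window_state "$(date +%H)")"
fi
```

Because the script derives the state from the clock instead of from which cron entry fired, a missed or late run still converges on the right ruleset the next time it executes.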