From owner-freebsd-security  Sat Jan 27 21:43: 1 2001
Delivered-To: freebsd-security@freebsd.org
Received: from imo-d10.mx.aol.com (imo-d10.mx.aol.com [205.188.157.42])
	by hub.freebsd.org (Postfix) with ESMTP id 0BC2137B69D
	for <freebsd-security@freebsd.org>; Sat, 27 Jan 2001 21:42:43 -0800 (PST)
Received: from FBSDSecure@aol.com
	by imo-d10.mx.aol.com (mail_out_v29.5.) id n.dc.19146d4 (16781)
	 for <freebsd-security@freebsd.org>; Sun, 28 Jan 2001 00:42:40 -0500 (EST)
From: FBSDSecure@aol.com
Message-ID: <dc.19146d4.27a50b4f@aol.com>
Date: Sun, 28 Jan 2001 00:42:39 EST
Subject: (no subject)
To: freebsd-security@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: AOL 5.0 for Windows sub 120
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In a message dated 1/26/01 2:01:24 AM Pacific Standard Time, roam@orbitel.bg 
writes:

> You can make your firewall log all denied packets - it's those that cause
>  ICMP responses, mostly.  I'm not sure logging all denied packets is a good
>  idea, though, especially if you expect - or even deem it possible - that
>  you might be attacked.  Trust me, I've had syslogd hog my CPU during
>  a portscan :)
>  
>  G'luck,
>  Peter
>  
>  

To prevent portscanning, there is a package in the ports collection called 
portsentry under both the net and security branches.  I an currently using it 
on my firewall computer and when it detects that someone is portscanning your 
computer, you can 'ban' the attacker's IP address using ipfw and email you 
automatically.

Dan.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message