Date:      Thu, 10 Jun 2004 13:37:49 -0700
From:      "Khoi Dinh" <khoi@oddworld.com>
To:        "'Chuck Swiger'" <cswiger@mac.com>
Cc:        freebsd-stable@freebsd.org
Subject:   RE: Port scan detection in ipfw2
Message-ID:  <HZ41B200.02Y@luskan.oddworld.com>
In-Reply-To: <40C8BDAA.9040301@mac.com>

Excellent!  This is what I need.  The hint leads me to changing
"net.inet.icmp.icmplim" accordingly.

Thanks!
Khoi 

-----Original Message-----
From: Chuck Swiger [mailto:cswiger@mac.com] 
Sent: Thursday, June 10, 2004 1:00 PM
To: khoi@oddworld.com
Cc: freebsd-stable@freebsd.org
Subject: Re: Port scan detection in ipfw2

Khoi Dinh wrote:
> This is a repost and I was hoping there might be a solution to this.  
> I was wondering if ipfw2 has the ability to detect port scan like 
> iptables with the psd module.  I'm looking for a kernel-based 
> solution, not app-based like portsentry.

ipfw performs packet inspection and it can certainly recognize the traffic
associated with a port scan, yes.  The kernel provides support for limiting
the generation of ICMP error messages, which is what happens when someone
port scans a bunch of closed ports.  What else did you want to do?

> Also, is ipfw2 able to allow/disallow traffic according to time? ie. 
> If I wanted to allow http traffic only from 9am to 1pm, can I do this 
> with ipfw?

IPFW and IPFW2 have no notion of time, but one could very easily use cron to
change your firewall rulesets at specific times in order to accomplish what
you've asked for.

--
-Chuck
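The cron-driven scheme Chuck describes, as an added example that is not part of the thread: a small sh script that inserts an ipfw allow rule for port 80 at the start of the window and deletes it at the end, with a "sync" mode that reconciles the rule with the clock after a reboot or a missed cron run. The rule number 1000, the 09:00-13:00 window, the install path and the crontab lines are all assumptions for illustration; in particular the rule number must sort before the final deny rule in your ruleset, or the allow never matches.

```shell
#!/bin/sh
# Added example (not from the thread): open an HTTP allow rule in ipfw for a
# fixed daily window, driven by cron, plus a "sync" mode so the rule is correct
# after a reboot or a missed cron run.  Assumptions: rule number 1000 sorts
# before your deny-everything rule, the web server listens on port 80, and the
# script is installed as /usr/local/sbin/http_window.
#
# crontab(5) entries for a 09:00-13:00 window (assumed path):
#   0 9  * * * /usr/local/sbin/http_window open
#   0 13 * * * /usr/local/sbin/http_window close
#   @reboot     /usr/local/sbin/http_window sync

HTTP_RULE=${HTTP_RULE:-1000}      # assumed rule number, before the final deny
WINDOW_START=${WINDOW_START:-9}   # first hour the rule is active (inclusive)
WINDOW_END=${WINDOW_END:-13}      # hour at which the rule is removed (exclusive)
DRY_RUN=${DRY_RUN:-0}             # DRY_RUN=1 prints ipfw commands instead

# in_window START END HOUR: succeeds when START <= HOUR < END (24h clock)
in_window() {
    [ "$3" -ge "$1" ] && [ "$3" -lt "$2" ]
}

# ipfw_args open|close: prints the ipfw argument string for that action
ipfw_args() {
    case "$1" in
        open)  echo "add $HTTP_RULE allow tcp from any to me 80 in setup" ;;
        close) echo "delete $HTTP_RULE" ;;
        *)     return 1 ;;
    esac
}

# run_ipfw ARGS...: run "ipfw -q ARGS...", or just print it when DRY_RUN=1
run_ipfw() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "ipfw -q $*"
    else
        ipfw -q "$@"
    fi
}

# http_window open|close|sync
http_window() {
    case "$1" in
        open)
            # Delete any stale copy first so repeated "open" runs (cron retries,
            # manual runs) do not stack duplicate rules; "no such rule" is fine.
            run_ipfw delete "$HTTP_RULE" 2>/dev/null || true
            run_ipfw $(ipfw_args open)
            ;;
        close)
            # Deliberately not silenced: failing to remove an allow rule is a
            # fail-open condition and should reach you via cron's mail.
            run_ipfw $(ipfw_args close)
            ;;
        sync)
            # Reconcile the rule with the clock: at boot, or when cron was
            # down at a window boundary.  Strip a leading zero from %H so the
            # comparison stays decimal.
            hour=$(date +%H); hour=${hour#0}
            if in_window "$WINDOW_START" "$WINDOW_END" "$hour"; then
                http_window open
            else
                http_window close
            fi
            ;;
        *)
            echo "usage: http_window open|close|sync" >&2
            return 2
            ;;
    esac
}

# Only dispatch when invoked with an action; sourcing the file just defines
# the functions without touching the firewall.
case "${1:-}" in
    open|close|sync) http_window "$1" ;;
esac
```

Run it once with DRY_RUN=1 to see the exact ipfw commands before pointing cron at it. The rule is stateless on purpose (a plain allow on inbound SYNs); if the rest of the ruleset is stateful with check-state/keep-state, add keep-state to the allow so established connections are handled by the dynamic rules, and note that connections opened during the window are not torn down at 13:00 by deleting the rule.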
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?HZ41B200.02Y>