Date: Thu, 10 Jun 2004 13:37:49 -0700 From: "Khoi Dinh" <khoi@oddworld.com> To: "'Chuck Swiger'" <cswiger@mac.com> Cc: freebsd-stable@freebsd.org Subject: RE: Port scan detection in ipfw2 Message-ID: <HZ41B200.02Y@luskan.oddworld.com> In-Reply-To: <40C8BDAA.9040301@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Excellent! This is what I need. The hint leads me to changing "net.inet.icmp.icmplim" accordingly. Thanks! Khoi -----Original Message----- From: Chuck Swiger [mailto:cswiger@mac.com] Sent: Thursday, June 10, 2004 1:00 PM To: khoi@oddworld.com Cc: freebsd-stable@freebsd.org Subject: Re: Port scan detection in ipfw2 Khoi Dinh wrote: > This is a repost and I was hoping there might be a solution to this. > I was wondering if ipfw2 has the ability to detect port scan like > iptables with the psd module. I'm looking for a kernel-based > solution, not app-based like portsentry. ipfw performs packet inspection and it can certainly recognize the traffic associated with a port scan, yes. The kernel provides support for limiting the generation of ICMP error messages, which is what happens when someone port scans a bunch of closed ports. What else did you want to do? > Also, is ipfw2 able to allow/disallow traffic according to time? ie. > If I wanted to allow http traffic only from 9am to 1pm, can I do this > with ipfw? IPFW and IPFW2 have no notion of time, but one could very easily use cron to change your firewall rulesets at specific times in order to accomplish what you've asked for. -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?HZ41B200.02Y>