Date: Thu, 12 May 2005 14:12:18 +0300 From: "Anton Butsyk" <anton@abutsyk.sumy.ua> To: <freebsd-ipfw@freebsd.org> Subject: syn scan Message-ID: <00a901c556e3$766ae8d0$0100030a@admin>
next in thread | raw e-mail | index | archive | help
Dear all,
Is it possible to detect and/or disable nmap SYN scan with ipfw?
I've added rule follow below, it catchs some packets from nmap but not all
deny tcp from any to me dst-port 22,25,53,80,443 \
tcpflags syn,!fin,!ack,!psh,!rst,!urg
\
tcpoptions mss,window,!sack,ts,!cc
may be is't rigth way to intrusion detection/prevention system, may be
snort?
Thanks,
bam
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00a901c556e3$766ae8d0$0100030a>