Date: Thu, 10 Jun 2004 11:47:00 -0700
From: "Khoi Dinh" <khoi@oddworld.com>
To: "'Paul Mather'" <paul@gromit.dlib.vt.edu>, "'Don Bowman'" <don@sandvine.com>
Cc: freebsd-stable@freebsd.org
Subject: RE: Port scan detection in ipfw2
Message-ID: <HZ3W6C00.M2N@luskan.oddworld.com>
In-Reply-To: <1086874211.9393.32.camel@zappa.Chelsea-Ct.Org>

Thanks for all the responses. I was thinking of the cron solution too but wanted to see if there was something nifty in ipfw that I didn't know about.

My main concern is still the port scan detection. I guess there is really no way to set up ipfw to detect a port scan. Some users have suggested using a user app for this, but my firewall is already set up to deny everything except for some specific traffic. Using a user app would not do any good because the application would never see the scan.

Thanks again,
Khoi

-----Original Message-----
From: owner-freebsd-stable@freebsd.org [mailto:owner-freebsd-stable@freebsd.org] On Behalf Of Paul Mather
Sent: Thursday, June 10, 2004 6:30 AM
To: Don Bowman
Cc: khoi@oddworld.com; freebsd-stable@freebsd.org
Subject: RE: Port scan detection in ipfw2

On Thu, 2004-06-10 at 08:46, Don Bowman wrote:
> There was a patch to ipfw posted last year that gave time to rules.

Interesting. Does the rule processing of the patch burden all packets with an extra check (for time validity), or just those with a time restraint on the rule?

I wonder, also, how "keep-state" rules are handled. Are the time constraints of the "keep-state" rule included with the dynamic rule created from it? (If not, that would mean a packet could be allowed in violation of its time constraint?)

Does the syntax of time specification use the local time zone, and, if so, what happens during the switch between daylight savings... ;-)

Cheers,

Paul.
--
e-mail: paul@gromit.dlib.vt.edu

"Without music to decorate it, time is just a bunch of boring production deadlines or dates by which bills must be paid."
        --- Frank Vincent Zappa

_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"