Date: Wed, 25 Jul 2001 15:37:46 -0700 From: Mahlon Smith <reich@internetcds.com> To: GARGIULO Eduardo INGDESI <YAPEDU@SIDERAR.COM> Cc: freebsd-questions@freebsd.org Subject: Re: ipfw questions Message-ID: <20010725153746.K2068@internetcds.com> In-Reply-To: <F06719ACCB96D311B52C0008C7B1518B028468E6@SARZSEX2>; from "YAPEDU@SIDERAR.COM" on Wed, Jul 25, 2001 at 03:01:51PM References: <F06719ACCB96D311B52C0008C7B1518B028468E6@SARZSEX2>
next in thread | previous in thread | raw e-mail | index | archive | help
You can't really protect against port scanners without blocking the port entirely. There isn't much of a point to it anyway, you can't provide a service and show it as unavailable simultaneously. However, you can be notified of who's doing it with 'snort' out of ports, and complain to their abuse dept. Sometimes is works. Look into the dummynet features of ipfw to bandwidth limit icmp flooding at your router, works well. If the windows boxes behind your router are still capable of being taken down by the ping of death... I think you probably have other issues that need worked out first. Like upgrading. (Unless there is a new one I don't know about, that exploit is about 6 years old) -Mahlon -- Mahlon Smith InternetCDS http://www.internetcds.com On Wed, Jul 25, 2001, GARGIULO Eduardo INGDESI wrote: > Hi all. > > I'm running 4.2-RELEASE and using tun0 to connect to Internet > I'm looking for ipfw rules to protect my LAN against syn-floods, > furtive port scanners and DoS, more exactly, ping of death. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010725153746.K2068>