From owner-freebsd-stable@FreeBSD.ORG Thu Jun 10 19:59:39 2004
Message-ID: <40C8BDAA.9040301@mac.com>
Date: Thu, 10 Jun 2004 15:59:38 -0400
From: Chuck Swiger
Organization: The Courts of Chaos
To: khoi@oddworld.com
cc: freebsd-stable@freebsd.org
Subject: Re: Port scan detection in ipfw2

Khoi Dinh wrote:
> This is a repost and I was hoping there might be a solution to this. I was
> wondering if ipfw2 has the ability to detect port scans like iptables with
> the psd module. I'm looking for a kernel-based solution, not app-based like
> portsentry.

ipfw performs packet inspection and it can certainly recognize the traffic
associated with a port scan, yes.

The kernel provides support for limiting the generation of ICMP error
messages, which is what happens when someone port scans a bunch of closed
ports. What else did you want to do?

> Also, is ipfw2 able to allow/disallow traffic according to
> time? i.e. If I wanted to allow http traffic only from 9am to 1pm, can I do
> this with ipfw?

IPFW and IPFW2 have no notion of time, but one could very easily use cron
to change your firewall rulesets at specific times in order to accomplish
what you've asked for.

-- 
-Chuck
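An added example of the cron-driven rule swap Chuck describes, plus the kernel ICMP rate-limit knob he alludes to; this is not code from the thread. Rule number 1000, the 9am to 1pm window, the script path in the crontab comments and the sysctl name net.inet.icmp.icmplim (FreeBSD's limit on ICMP unreachable/TCP RST replies per second) are my assumptions, not anything the posters supplied.

```shell
#!/bin/sh
# Added example, not from the list thread. Swaps one ipfw rule on a schedule
# from cron (ipfw itself has no notion of time) and prints the kernel knob
# that bounds ICMP error replies to a scan of closed ports.
#
# Assumed crontab entries (run as root); both edges of the window need one:
#   0 9  * * * /usr/local/sbin/http-window.sh apply
#   0 13 * * * /usr/local/sbin/http-window.sh apply

HTTP_RULE=1000       # assumed fixed rule number, so a swap is delete + add
OPEN_HOUR=9          # first hour in which HTTP is allowed (inclusive)
CLOSE_HOUR=13        # first hour in which HTTP is denied again

# Decide allow/deny for an hour of day (0-23). Pure function, no side effects.
http_action_for_hour() {
    hour=$1
    if [ "$hour" -ge "$OPEN_HOUR" ] && [ "$hour" -lt "$CLOSE_HOUR" ]; then
        echo allow
    else
        echo deny
    fi
}

# Print the ipfw commands that install the rule for that hour. Deleting first
# keeps exactly one rule $HTTP_RULE present; during the brief gap between the
# two commands, whatever later rules say decides HTTP traffic.
ipfw_commands_for_hour() {
    action=$(http_action_for_hour "$1")
    echo "ipfw -q delete $HTTP_RULE"
    echo "ipfw -q add $HTTP_RULE $action tcp from any to me 80 in"
}

# Kernel-side rate limit: net.inet.icmp.icmplim (assumed name) caps ICMP
# unreachable and TCP RST replies per second, so a scan of closed ports
# cannot make the host emit an unbounded stream of error packets.
icmplim_command() {
    echo "sysctl net.inet.icmp.icmplim=${1:-200}"
}

current_hour() { date +%H | sed 's/^0//'; }   # "09" -> 9 for the -ge test

case "$1" in
    apply) ipfw_commands_for_hour "$(current_hour)" | sh ;;
    show)  ipfw_commands_for_hour "${2:-$(current_hour)}"; icmplim_command ;;
esac
```

Run `http-window.sh show 10` to see the commands cron would apply at 10:00 without touching the firewall.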