Date: Thu, 10 Jun 2004 16:13:47 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Khoi Dinh <khoi@oddworld.com>
Cc: freebsd-stable@freebsd.org
Subject: Re: Port scan detection in ipfw2
Message-ID: <20040610231347.GB99161@xor.obsecurity.org>
In-Reply-To: <HZ3W6C00.M2N@luskan.oddworld.com>
References: <1086874211.9393.32.camel@zappa.Chelsea-Ct.Org> <HZ3W6C00.M2N@luskan.oddworld.com>

On Thu, Jun 10, 2004 at 11:47:00AM -0700, Khoi Dinh wrote:
> Thanks all the responses. I was thinking of the cron solution too but
> wanted to see if there was something nifty in ipfw that I didn't know about.
> My main concern is still the port scan detection. I guess there is really
> no way to set up ipfw to detect port scan. Some users have suggested using
> user app for this but my firewall is already set up to deny everything
> except for some specific traffic. Using a user app would not do any good
> because the application would never see the scan.

It would parse the ipfw logs.

Kris
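An added example, not part of the original message or of any FreeBSD tool: a userland detector of the kind the reply describes, which reads the deny lines ipfw writes to the security log and flags any source that was refused on many distinct destination ports within a short window. It assumes the deny rules carry the `log` keyword and `net.inet.ip.fw.verbose=1` is set so that denied packets are logged; `find_scanners`, its thresholds, the assumed year (syslog timestamps omit it) and the sample log are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample of /var/log/security (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Jun 10 11:42:01 fw kernel: ipfw: 65000 Deny TCP 192.0.2.10:40112 198.51.100.5:21 in via fxp0
Jun 10 11:42:01 fw kernel: ipfw: 65000 Deny TCP 192.0.2.10:40113 198.51.100.5:22 in via fxp0
Jun 10 11:42:02 fw kernel: ipfw: 65000 Deny TCP 192.0.2.10:40114 198.51.100.5:23 in via fxp0
Jun 10 11:42:02 fw kernel: ipfw: 65000 Deny TCP 192.0.2.10:40115 198.51.100.5:25 in via fxp0
Jun 10 11:42:03 fw kernel: ipfw: 65000 Deny TCP 192.0.2.10:40116 198.51.100.5:80 in via fxp0
Jun 10 11:43:10 fw kernel: ipfw: 65000 Deny TCP 203.0.113.7:1045 198.51.100.5:445 in via fxp0
Jun 10 11:43:13 fw kernel: ipfw: 65000 Deny TCP 203.0.113.7:1045 198.51.100.5:445 in via fxp0
Jun 10 11:43:19 fw kernel: ipfw: 65000 Deny TCP 203.0.113.7:1046 198.51.100.5:139 in via fxp0
Jun 10 11:44:00 fw sshd[512]: Accepted publickey for admin from 198.51.100.20 port 50022 ssh2
Jun 10 12:00:00 fw kernel: ipfw: 65000 Deny UDP 192.0.2.77:5353 198.51.100.5:53 in via fxp0
Jun 10 12:10:00 fw kernel: ipfw: 65000 Deny UDP 192.0.2.77:5353 198.51.100.5:123 in via fxp0
Jun 10 12:20:00 fw kernel: ipfw: 65000 Deny UDP 192.0.2.77:5353 198.51.100.5:161 in via fxp0
"""

DENY_RE = re.compile(
    r"^(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ kernel: ipfw: \d+ Deny (?:TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ (?P<dst>[\d.]+):(?P<dport>\d+) in via \S+")

def find_scanners(log_text, min_ports=5, window_s=60, year=2004):
    """Map each source IP to its peak count of distinct denied (dst, port)
    targets inside any window_s-second window, if that peak >= min_ports."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = DENY_RE.match(line)
        if m:  # skip everything that is not an inbound TCP/UDP deny
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["src"]].append((when, (m["dst"], int(m["dport"]))))
    scanners = {}
    for src, evs in events.items():
        evs.sort()
        inside, start, best = Counter(), 0, 0  # targets currently in the window
        for when, target in evs:
            inside[target] += 1
            while when - evs[start][0] > timedelta(seconds=window_s):
                old = evs[start][1]  # oldest event has aged out of the window
                inside[old] -= 1
                if not inside[old]:
                    del inside[old]
                start += 1
            best = max(best, len(inside))
        if best >= min_ports:
            scanners[src] = best
    return scanners

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))
```

Repeated denials on the same port (203.0.113.7) count once, and a source probing one port every ten minutes (192.0.2.77) is only caught when `window_s` is widened, which is the trade-off to tune against the log volume of the firewall.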