Date: Thu, 12 May 2005 16:11:44 +0300 From: "Chris Dionissopoulos" <dionch@freemail.gr> To: <freebsd-ipfw@freebsd.org> Subject: Re: syn scan Message-ID: <006501c556f4$371a3300$0100000a@R3B> References: <00a901c556e3$766ae8d0$0100030a@admin>
next in thread | previous in thread | raw e-mail | index | archive | help
> Is it possible to detect and/or disable nmap SYN scan with ipfw? > I've added rule follow below, it catchs some packets from nmap but not all > > deny tcp from any to me dst-port 22,25,53,80,443 \ > tcpflags > syn,!fin,!ack,!psh,!rst,!urg > \ > tcpoptions mss,window,!sack,ts,!cc > may be is't rigth way to intrusion detection/prevention system, may be > snort? > Try snort + snortsam (ipfw2) plugin. http://www.snortsam.net/ ____________________________________________________________________ http://www.freemail.gr - δωρεάν υπηρεσία ηλεκτρονικού ταχυδρομείου. http://www.freemail.gr - free email service for the Greek-speaking.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?006501c556f4$371a3300$0100000a>