freebsd-ipfw Digest, Vol 62, Issue 1

Ed Stover estover at nativenerds.com
Wed Jun 2 20:35:44 PDT 2004


Me personally, I would implement black holing. You want to give the
impression that your machine is not turned on. IPFW can deny the packets,
but black holing will completely drop them.
1. Edit your /etc/sysctl.conf
   a. add these lines
	net.inet.tcp.blackhole=2
	net.inet.udp.blackhole=1
These will modify your OS fingerprint; only SYN scans will work, and
they will work really slowly.


On Mon, 2004-05-31 at 13:00, freebsd-ipfw-request at freebsd.org wrote:
> 
> Today's Topics:
> 
>    1. newbie question (El DaEm0n)
>    2. Re: newbie question (Chuck Swiger)
>    3. Re: newbie question (El DaEm0n)
>    4. Re: newbie question (Chuck Swiger)
>    5. Current problem reports assigned to you (FreeBSD bugmaster)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Mon, 31 May 2004 00:05:13 +0000
> From: "El DaEm0n" <jackass_wasa at hotmail.com>
> Subject: newbie question
> To: freebsd-ipfw at freebsd.org
> Message-ID: <BAY12-F80XNdGPB0BgB0001dfc7 at hotmail.com>
> Content-Type: text/plain; charset=iso-8859-1; format=flowed
> 
> Hi guys, I have a question: how can I make IPFW show a port scan that my
> system is down?
> 
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Mon, 31 May 2004 12:46:11 -0400
> From: Chuck Swiger <cswiger at mac.com>
> Subject: Re: newbie question
> To: El DaEm0n <jackass_wasa at hotmail.com>
> Cc: freebsd-ipfw at freebsd.org
> Message-ID: <40BB6153.5050604 at mac.com>
> Content-Type: text/plain; charset=us-ascii; format=flowed
> 
> El DaEm0n wrote:
> > Hi guys, I have a question: how can I make IPFW show a port scan that
> > my system is down?
> 
> Disconnect the ethernet cable?
> "ipfw add 10 deny ip from any to any"
> 
> ...a little more context would help us give a more useful answer.
> 
> -- 
> -Chuck
> 
> 
> ------------------------------
> 
> Message: 3
> Date: Mon, 31 May 2004 17:22:36 +0000
> From: "El DaEm0n" <jackass_wasa at hotmail.com>
> Subject: Re: newbie question
> To: freebsd-ipfw at freebsd.org
> Message-ID: <BAY12-F77L4Sxsew2gI0003c448 at hotmail.com>
> Content-Type: text/plain; charset=iso-8859-1; format=flowed
> 
> OK, my problem is that when I ran a port scan against my server from another PC it
> revealed my open ports, so all I want to do is, when I run a port scan from
> another PC against my server, have IPFW show the port scan that my system appears
> down.
> 
> I have seen this on other systems using PF, but I want to know how to do it using
> IPFW.
> Can you help?
> 
> thanks!
> 
> 
> 
> 
> 
> ------------------------------
> 
> Message: 4
> Date: Mon, 31 May 2004 13:58:00 -0400
> From: Chuck Swiger <cswiger at mac.com>
> Subject: Re: newbie question
> To: El DaEm0n <jackass_wasa at hotmail.com>
> Cc: freebsd-ipfw at freebsd.org
> Message-ID: <40BB7228.904 at mac.com>
> Content-Type: text/plain; charset=us-ascii; format=flowed
> 
> El DaEm0n wrote:
> > ok my problem is when i made a portscan to my server  in another pc it 
> > revealed my open ports, so all i wanna do is when i made a ports scan 
> > from another pc to my server mi IPFW show to portscan that my system 
> > appears down,
> 
> You probably want to use something like this, from "man ipfw":
> 
>       The typical use of dynamic rules is to keep a closed firewall
>       configuration, but let the first TCP SYN packet from the inside network
>       install a dynamic rule for the flow so that packets belonging to that
>       session will be allowed through the firewall:
> 
>             ipfw add check-state
>             ipfw add allow tcp from my-subnet to any setup keep-state
>             ipfw add deny tcp from any to any
> 
> Going beyond these examples to a meaningful firewall configuration involves 
> thinking about your security policy, considering roles and required services, 
> etc.

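Combining the two blackhole sysctls from the reply at the top with the closed keep-state ruleset quoted from ipfw(8) in message 4, as an added example that is not code from the thread: a POSIX sh script that stages both into files for review instead of applying them live. The file paths, the 192.0.2.0/24 subnet and the function names are placeholders of mine.

```shell
#!/bin/sh
# Added example, not code from the thread: stage the blackhole sysctls and
# the closed keep-state ruleset into files you can review before loading.
# Note: blackhole only silences ports nothing is listening on; a service
# that is listening still answers, so the ruleset is what hides it.

# Set KEY=VALUE in a sysctl.conf-style file, replacing an existing line for
# KEY, so re-running never leaves duplicate (and conflicting) entries.
set_sysctl() {
    conf=$1 key=$2 val=$3
    [ -f "$conf" ] || : > "$conf"
    tmp="$conf.tmp.$$"
    awk -v k="$key" -v v="$val" -F= '
        $1 == k { print k "=" v; seen = 1; next }  # rewrite existing entry
        { print }
        END { if (!seen) print k "=" v }            # or append a new one
    ' "$conf" > "$tmp" && mv "$tmp" "$conf"
}

# Print the value recorded for KEY in CONF (empty when absent).
get_sysctl() {
    awk -v k="$2" -F= '$1 == k { print $2 }' "$1"
}

# The two knobs from the post: tcp=2 silently drops any TCP segment to a
# port with no listener (no RST); udp=1 drops datagrams to closed UDP
# ports without the ICMP port-unreachable reply.
stage_blackhole() {
    set_sysctl "$1" net.inet.tcp.blackhole 2
    set_sysctl "$1" net.inet.udp.blackhole 1
}

# Closed, stateful ruleset from ipfw(8) as quoted in the digest, in the
# one-rule-per-line form that "ipfw -q RULES_FILE" loads. SUBNET is the
# trusted inside network (placeholder value in the demo below).
write_rules() {
    rules=$1 subnet=$2
    cat > "$rules" <<EOF
add check-state
add allow tcp from $subnet to any setup keep-state
add deny tcp from any to any
EOF
}

rule_count() { grep -c '^add ' "$1"; }

# Stand-alone demo in a temp directory; it never touches /etc.
demo=$(mktemp -d)
stage_blackhole "$demo/sysctl.conf"
write_rules "$demo/ipfw.rules" 192.0.2.0/24
cat "$demo/sysctl.conf" "$demo/ipfw.rules"
```

On a real host the staged sysctl lines go into /etc/sysctl.conf and the rules file is loaded with ipfw(8), after checking that nothing you rely on is silently dropped.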
