Port scan detection in ipfw2

Khoi Dinh khoi at oddworld.com
Thu Jun 10 18:47:12 GMT 2004


Thanks for all the responses.  I was thinking of the cron solution too but
wanted to see if there was something nifty in ipfw that I didn't know about.
My main concern is still the port scan detection.  I guess there is really
no way to set up ipfw to detect a port scan.  Some users have suggested using
a user app for this but my firewall is already set up to deny everything
except for some specific traffic.  Using a user app would not do any good
because the application would never see the scan.

Thanks again,
Khoi

-----Original Message-----
From: owner-freebsd-stable at freebsd.org
[mailto:owner-freebsd-stable at freebsd.org] On Behalf Of Paul Mather
Sent: Thursday, June 10, 2004 6:30 AM
To: Don Bowman
Cc: khoi at oddworld.com; freebsd-stable at freebsd.org
Subject: RE: Port scan detection in ipfw2

On Thu, 2004-06-10 at 08:46, Don Bowman wrote:

> There was a patch to ipfw posted last year that gave time to rules.

Interesting.  Does the rule processing of the patch burden all packets with
an extra check (for time validity), or just those with a time restraint on
the rule?  I wonder, also, how "keep-state" rules are handled.  Are the time
constraints of the "keep-state" rule included with the dynamic rule created
from it?  (If not, that would mean a packet could be allowed in violation of
its time constraint?)

Does the syntax of time specification use the local time zone, and, if so,
what happens during the switch between daylight savings... ;-)

Cheers,

Paul.
--
e-mail: paul at gromit.dlib.vt.edu

"Without music to decorate it, time is just a bunch of boring production
deadlines or dates by which bills must be paid."
        --- Frank Vincent Zappa
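
On the port scan concern raised at the top of this message, here is an added example (not code from the thread or from ipfw) that reads the syslog lines ipfw writes for denied packets and flags sources probing many distinct ports in a short window. It assumes the deny rule carries the `log` keyword; the sample lines, the thresholds and the year used to parse syslog timestamps are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the format ipfw logs denied packets via syslog.
SAMPLE_LOG = """\
Jun 10 18:40:01 fw kernel: ipfw: 65000 Deny TCP 192.0.2.10:40001 198.51.100.5:21 in via fxp0
Jun 10 18:40:02 fw kernel: ipfw: 65000 Deny TCP 192.0.2.10:40002 198.51.100.5:22 in via fxp0
Jun 10 18:40:03 fw kernel: ipfw: 65000 Deny TCP 192.0.2.10:40003 198.51.100.5:23 in via fxp0
Jun 10 18:40:04 fw kernel: ipfw: 65000 Deny TCP 192.0.2.10:40004 198.51.100.5:25 in via fxp0
Jun 10 18:40:05 fw kernel: ipfw: 65000 Deny TCP 192.0.2.10:40005 198.51.100.5:80 in via fxp0
Jun 10 18:40:06 fw kernel: ipfw: 65000 Deny TCP 192.0.2.10:40006 198.51.100.5:110 in via fxp0
Jun 10 18:41:00 fw kernel: ipfw: 65000 Deny TCP 203.0.113.7:51000 198.51.100.5:445 in via fxp0
Jun 10 18:41:03 fw kernel: ipfw: 65000 Deny TCP 203.0.113.7:51000 198.51.100.5:445 in via fxp0
Jun 10 18:41:09 fw kernel: ipfw: 65000 Deny TCP 203.0.113.7:51000 198.51.100.5:445 in via fxp0
Jun 10 18:00:00 fw kernel: ipfw: 65000 Deny TCP 203.0.113.9:52000 198.51.100.5:80 in via fxp0
Jun 10 18:45:00 fw kernel: ipfw: 65000 Deny TCP 203.0.113.9:52001 198.51.100.5:443 in via fxp0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\skernel:\sipfw:\s\d+\s"
    r"Deny\s(?:TCP|UDP)\s"
    r"(?P<src>[\d.]+):\d+\s(?P<dst>[\d.]+):(?P<dport>\d+)\sin\b"
)

def find_scanners(log_text, min_ports=5, window=timedelta(seconds=60), year=2004):
    """Return {(src, dst): max distinct denied ports seen inside one window}."""
    events = defaultdict(list)  # (src, dst) -> [(time, dport), ...]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an inbound ipfw deny line
        # Syslog timestamps carry no year; the year is an assumed parameter.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events[(m["src"], m["dst"])].append((when, int(m["dport"])))

    flagged = {}
    for key, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {port for _, port in hits[start:end + 1]}
            if len(ports) >= min_ports:
                flagged[key] = max(len(ports), flagged.get(key, 0))
    return flagged

if __name__ == "__main__":
    for (src, dst), count in find_scanners(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst}, {count} ports denied")
```

Repeated denials to a single port, and a couple of ports hit far apart in time, stay below the threshold and are not flagged.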
