Port scan detection in ipfw2
Kris Kennaway
kris at obsecurity.org
Thu Jun 10 23:13:51 GMT 2004
On Thu, Jun 10, 2004 at 11:47:00AM -0700, Khoi Dinh wrote:
> Thanks all the responses. I was thinking of the cron solution too but
> wanted to see if there was something nifty in ipfw that I didn't know about.
> My main concern is still the port scan detection. I guess there is really
> no way to set up ipfw to detect port scan. Some users have suggested using
> user app for this but my firewall is already set up to deny everything
> except for some specific traffic. Using a user app would not do any good
> because the application would never see the scan.
It would parse the ipfw logs.
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20040610/b5000452/attachment.bin
More information about the freebsd-stable
mailing list