Port scan detection in ipfw2

Kris Kennaway kris at obsecurity.org
Thu Jun 10 23:13:51 GMT 2004


On Thu, Jun 10, 2004 at 11:47:00AM -0700, Khoi Dinh wrote:
> Thanks all the responses.  I was thinking of the cron solution too but
> wanted to see if there was something nifty in ipfw that I didn't know about.
> My main concern is still the port scan detection.  I guess there is really
> no way to set up ipfw to detect port scan.  Some users have suggested using
> user app for this but my firewall is already set up to deny everything
> except for some specific traffic.  Using a user app would not do any good
> because the application would never see the scan.

It would parse the ipfw logs.

Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20040610/b5000452/attachment.bin


More information about the freebsd-stable mailing list