syn scan
Chris Dionissopoulos
dionch at freemail.gr
Thu May 12 06:12:43 PDT 2005
> Is it possible to detect and/or disable nmap SYN scan with ipfw?
> I've added the rule below; it catches some packets from nmap but not all
>
> deny tcp from any to me dst-port 22,25,53,80,443 \
>     tcpflags syn,!fin,!ack,!psh,!rst,!urg \
>     tcpoptions mss,window,!sack,ts,!cc
> maybe is't right way to intrusion detection/prevention system, maybe
> snort?
>
Try snort + snortsam (ipfw2) plugin.
http://www.snortsam.net/
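
An added example, not part of the original thread: a Python model of the quoted rule's dst-port, tcpflags and tcpoptions matching, showing that it denies only SYN segments carrying one exact option set and lets every other SYN fall through. The function names are hypothetical, the sample segments are constructed, and the grouping of option kinds under the ipfw keywords is an assumption.

```python
import struct

# The quoted rule. Grouping SACK kinds 4/5 under "sack" and kinds 11-13 under
# "cc" is an assumption about how ipfw maps option kinds to its keywords.
RULE_PORTS = {22, 25, 53, 80, 443}
RULE_FLAGS, RULE_OPTS = "syn,!fin,!ack,!psh,!rst,!urg", "mss,window,!sack,ts,!cc"
FLAGS = {"fin": 0x01, "syn": 0x02, "rst": 0x04, "psh": 0x08, "ack": 0x10, "urg": 0x20}
OPTS = {"mss": {2}, "window": {3}, "sack": {4, 5}, "ts": {8}, "cc": {11, 12, 13}}

def option_kinds(segment):
    """Walk the TCP option area and return the set of option kinds present."""
    end, i, kinds = (segment[12] >> 4) * 4, 20, set()
    while i < end:
        kind = segment[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # NOP is a single byte
            i += 1
            continue
        if i + 1 >= end or segment[i + 1] < 2:
            break                          # malformed length, stop parsing
        kinds.add(kind)
        i += segment[i + 1]
    return kinds

def spec_matches(spec, present):
    """A bare name must be present; a !name must be absent."""
    return all((t.lstrip("!") in present) != t.startswith("!") for t in spec.split(","))

def rule_matches(segment):
    (dport,) = struct.unpack("!H", segment[2:4])
    kinds = option_kinds(segment)
    flags = {n for n, bit in FLAGS.items() if segment[13] & bit}
    opts = {n for n, ks in OPTS.items() if ks & kinds}
    return dport in RULE_PORTS and spec_matches(RULE_FLAGS, flags) and spec_matches(RULE_OPTS, opts)

def build_syn(options=b"", flags=0x02, dport=22):
    options += b"\x01" * (-len(options) % 4)   # pad the option area with NOPs
    return struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, ((20 + len(options)) // 4) << 4, flags, 1024, 0, 0) + options

MSS, WS, SACK_OK, TS = b"\x02\x04\x05\xb4", b"\x03\x03\x07", b"\x04\x02", b"\x08\x0a" + bytes(8)
SAMPLES = {  # constructed inputs, not captured traffic
    "mss+window+ts": build_syn(MSS + WS + TS),
    "mss only": build_syn(MSS),
    "mss+sack+ts+window": build_syn(MSS + SACK_OK + TS + WS),
    "syn+ack": build_syn(MSS + WS + TS, flags=0x12),
}
for name, seg in SAMPLES.items():
    print(f"{name:20s} -> {'deny' if rule_matches(seg) else 'falls through'}")
```
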
More information about the freebsd-ipfw mailing list