Is it possible to detect and/or disable nmap SYN scan with ipfw? I've added rule follow below, it catchs some packets from nmap but not all
deny tcp from any to me dst-port 22,25,53,80,443 \
tcpflags syn,!fin,!ack,!psh,!rst,!urg
\
tcpoptions mss,window,!sack,ts,!cc
may be is't rigth way to intrusion detection/prevention system, may be
snort?
Try snort + snortsam (ipfw2) plugin. http://www.snortsam.net/
____________________________________________________________________ http://www.freemail.gr - ДЫЯЕэМ УПГЯЕСъА ГКЕЙТЯОМИЙОЩ ТАВУДЯОЛЕъОУ. http://www.freemail.gr - free email service for the Greek-speaking. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
