Re: IPFilter Rules for Port Scanning

This is a discussion on Re: IPFilter Rules for Port Scanning within the IPFilter forums, part of the System Security and Security Related category; Deogratias Nondi wrote: > I am in a process of developing a firewall for the purpose of > blocking/filtering ...


Go Back   Usenet Forums > System Security and Security Related > IPFilter

Reload this Page Re: IPFilter Rules for Port Scanning

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 05-15-2006
Jim Sandoz
 
Posts: n/a
Default Re: IPFilter Rules for Port Scanning
Deogratias Nondi wrote:
> I am in a process of developing a firewall for the purpose of
> blocking/filtering port scans on my host machines.

what do your "host machines" do? smtp? ftp? www?

> I am looking on how to properly write rules to block SYN, FIN, XMAS and
> NULL scans.

are you trying to protect against scans or intrusions?

> What I have found so far is to allow just SYN packets and
> block everything else.

good plan. just allow SYNs on the ports you need open.

> I don't really like this idea

why not?

> and would like to
> write specific filter rules for each of the scans I mentioned.

i have a few years of experience with firewalls and ipf; that said,
i will tell you this: the simpler your rules are the better.

jim
Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 09:57 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0