syn scan

Anton Butsyk anton at abutsyk.sumy.ua
Thu May 12 04:12:08 PDT 2005


Dear all,

Is it possible to detect and/or disable nmap SYN scan with ipfw?
I've added rule follow below, it catchs some packets from nmap but not all

deny tcp from any to me dst-port 22,25,53,80,443 \
                                       tcpflags syn,!fin,!ack,!psh,!rst,!urg
\
                                       tcpoptions mss,window,!sack,ts,!cc
may be is't rigth way to intrusion detection/prevention system, may be
snort?

Thanks,
bam



More information about the freebsd-ipfw mailing list