Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: smart banning of an attacking-IP on a PF firewall?

smart banning of an attacking-IP on a PF firewall? 11 years 7 months ago #8371

Hello:

I'm trying to configure the PF of an Open BSD to react smartly against attacks and ban the attacking IP for several minutes.

I've heard it's possible, (heard being the key word here).

How can I approach this?

Thanks
HoraShadow
The administrator has disabled public write access.

Re: smart banning of an attacking-IP on a PF firewall? 11 years 7 months ago #8373

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
Can you explain where you are getting attack information from? Are you trying to integrate Pf with an IDS?
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
The administrator has disabled public write access.

Re: smart banning of an attacking-IP on a PF firewall? 11 years 7 months ago #8376

So far, the only thing I have is the PF.

Hm, I guess I should have asked it this way.

What software/hardware should I use to build a smart system defence, that bans for a while, posible attackers while they are scanning my ports?

I have an Open BSD with a configured PF doing firewall/NAT as a start.

The only thing that has to stay is the Open BSD. The PF can go if it gets in the way.
The administrator has disabled public write access.

Re: smart banning of an attacking-IP on a PF firewall? 11 years 7 months ago #8384

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
Well for what you're asking for I would usually recommend snort inline
snort-inline.sourceforge.net/

However unlike regular snort which runs extremely snugly on *BSD, snort-inline, since it uses iptables.. you'll have to use this document for your setup
freebsd.rogness.net/snort_inline/

That should cover your smart defence requirements very decently.

Cheers,
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
The administrator has disabled public write access.

Re: smart banning of an attacking-IP on a PF firewall? 11 years 7 months ago #8387

Okey.. this looks exactly what I was looking!

Time to start researching. Thanks a lot for the good data, I really apreciate it!
The administrator has disabled public write access.

Re: smart banning of an attacking-IP on a PF firewall? 11 years 7 months ago #8389

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
No problem.. drop a line about how your implementation or testing goes as I'd like to know how well it works out.


Cheers mate,
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.082 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup