Jan Koetze wrote:
> option to stop portscans the way portsentry does or at least drop the
> request for a few minutes when a portscan occurs. With the current
> release people can scan forever.
http://www.phildev.net/ipf/IPFques.html#18 <-- my opinion too
And RST and FIN scanning do not work with m0n0wall anyway due to the
> option to send a (hourly/daily) "firewall-report-message" to the
> administrator. With no external logserver available there are only a
> limited number of records in the log. Changes are that the
> administrator will never know the his systems where scanned or that
> someone was trying something on a port that is closed. A VERY bad
> thing i would say.
I for one have better things to do than finding out every day how many
people tried my NetBIOS ports. Better use an IDS (integrating one in
m0n0wall is being considered, but I won't promise anything).
> There could be much more like Dos Attacks, PoD, Anti spoofing but
Ping of Death? ICMP echo is blocked by default anyway, so those trying
to "ping you to death" will at most succeed in saturating your
downstream - something you cannot do anything about at all.
About DoS... there might be the possibility of limiting the number of
connections per source IP address in the future - once more, when
ipfilter supports it.
Anti spoofing? Another vague term. m0n0wall already makes sure that no
spoofed source IP addresses appear on WAN (i.e. packets with source
addresses that claim to be from your LAN or an optional network) by default.