[ previous ] [ next ] [ threads ]
 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Jan Koetze <jan at koetze dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] m0n0wall feature request
 Date:  Fri, 23 Jan 2004 12:26:43 +0100
Jan Koetze wrote:

> option to stop portscans the way portsentry does or at least drop the
> request for a few minutes when a portscan occurs. With the current
> release people can scan forever.

So what?

http://www.phildev.net/ipf/IPFques.html#18  <-- my opinion too

And RST and FIN scanning do not work with m0n0wall anyway due to the
stateful filtering.

> option to send a (hourly/daily) "firewall-report-message" to the 
> administrator. With no external logserver available there are only a
> limited number of records in the log. Changes are that the
> administrator will never know the his systems where scanned or that
> someone was trying something on a port that is closed. A VERY bad 
> thing i would say.

I for one have better things to do than finding out every day how many 
people tried my NetBIOS ports. Better use an IDS (integrating one in 
m0n0wall is being considered, but I won't promise anything).

> There could be much more like Dos Attacks, PoD, Anti spoofing but

Ping of Death? ICMP echo is blocked by default anyway, so those trying 
to "ping you to death" will at most succeed in saturating your 
downstream - something you cannot do anything about at all.

About DoS... there might be the possibility of limiting the number of 
connections per source IP address in the future - once more, when 
ipfilter supports it.

Anti spoofing? Another vague term. m0n0wall already makes sure that no 
spoofed source IP addresses appear on WAN (i.e. packets with source 
addresses that claim to be from your LAN or an optional network) by default.

- Manuel