Thanks for the answer.
But would it not be more wise to block a flood attack at the firewall?
(limiting the number of connections per IP, etc...)
Or am I thinking wrong here?
----- Original Message -----
From: "Hilton Travis" <Hilton at QuarkAV dot com>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Saturday, February 21, 2004 11:13 PM
Subject: Re: [m0n0wall] Feature Request : Portscan block and Anti-DoS (butNO
> Hi Tim,
> On Sat, 2004-02-21 at 20:13, Timothy Jans wrote:
> > What I would like to see in M0n0wall is a Portscan blocker and Anti-DoS
> > which are adjustable in the Web interface
> > (because some services have none or bad anti-DoS protection).
> If you choose to run an insecure service behind your firewall, then you
> are asking for trouble. It is the job of any service to be secure - the
> firewall cannot "know" what is running behind it and implement specific
> security measures based on the application running on a particular
> server/port. The firewall's job is to stop all traffic that you don't
> specifically allow through, so if you allow traffic to an internal DMZ
> or LAN server, then it is your job, and the job of the server itself, to
> ensure that it is secure.
> As for a portscan blocker, this is unnecessary. Portscanning a network
> is not illegal. Portscanning a network can cause no damage if you have
> a secure network only allowing required traffic in, and if you are
> running secured servers internally that are listening for this traffic.
> > I do not mean an IDS like Snort because they do not actually belong in a
> > firewall.
> > (are too heavy (embedded systems), are too complicated (bugs) and I do
> > actually believe in them...)
> I don't see how you cannot believe in a legitimate security tool such as
> an IDS yet want illegitimate "tools" such as anti-DOS and
> portscan-blocker features in a firewall.
> As you hinted at, running any unnecessary services on a firewall is
> asking for trouble. This is half the reason there's no snort (or other
> IDS) on m0n0wall - the other reason is that this is an inappropriate
> place for such a tool - inside the firewall is where these belong.
> Adding these esoteric functions you asked about to m0n0wall will do
> close to nothing for your security, will add to the code-base on the
> firewall (therefore add to its susceptibility to vulnerability), and add
> to the load the firewall places on its hardware. None of these are
> Hilton Travis Phone: +61-(0)7-3343-3889
> Manager, Quark AudioVisual Phone: +61-(0)419-792-394
> Quark Computers http://www.QuarkAV.com/
> (Brisbane, Australia) http://www.QuarkAV.net/
> Open Source Projects: http://www.ares-desktop.org/
> Non Linear Video Editing Solutions & Digital Audio Workstations
> Network Administration, SmoothWall Firewalls, NOD32 AntiVirus
> Conference and Seminar AudioVisual Production and Recording
> War doesn't determine who is right. War determines who is left.
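The reply above asks whether a flood is better handled at the firewall by limiting connections per source IP. The following is an added example, not code from this thread or from the m0n0wall project, that models such a per-IP policy in Python so the behaviour can be traced on a constructed sequence of connection events. It enforces two limits: a cap on concurrent open connections per source IP and a cap on new connection attempts per IP within a sliding time window. The limit values, the class and function names, and the sample IPs and timestamps are all assumptions chosen for the demonstration; a real packet filter enforces the same idea in the kernel rather than in a userland loop like this.

```python
# Added example: per-source-IP connection limiter (a model of the
# firewall-side policy discussed in the thread; not m0n0wall code).
from collections import defaultdict, deque

MAX_ACTIVE = 3   # concurrent open connections per source IP (assumed value)
MAX_NEW = 5      # new-connection attempts per WINDOW seconds (assumed value)
WINDOW = 10.0    # sliding window length in seconds (assumed value)


class PerIpLimiter:
    """Tracks open connections and recent attempts per source IP."""

    def __init__(self, max_active=MAX_ACTIVE, max_new=MAX_NEW, window=WINDOW):
        self.max_active = max_active
        self.max_new = max_new
        self.window = window
        self.active = defaultdict(int)      # ip -> currently open connections
        self.attempts = defaultdict(deque)  # ip -> timestamps of recent attempts
        self.dropped = defaultdict(int)     # ip -> attempts rejected so far

    def _prune(self, ip, now):
        # Discard attempt timestamps that fell out of the sliding window.
        q = self.attempts[ip]
        while q and now - q[0] > self.window:
            q.popleft()

    def open(self, ip, now):
        """Return True if a new connection from `ip` at time `now` is allowed."""
        self._prune(ip, now)
        q = self.attempts[ip]
        q.append(now)  # rejected attempts still count toward the rate limit
        if len(q) > self.max_new or self.active[ip] >= self.max_active:
            self.dropped[ip] += 1
            return False
        self.active[ip] += 1
        return True

    def close(self, ip):
        """Record that one connection from `ip` has ended."""
        if self.active[ip] > 0:
            self.active[ip] -= 1


def replay(events, limiter=None):
    """Feed (time, ip, action) events through a limiter; return the allow/drop
    decision for each 'open' event and the limiter's final state."""
    limiter = limiter or PerIpLimiter()
    decisions = []
    for t, ip, action in events:
        if action == "open":
            verdict = "allow" if limiter.open(ip, t) else "drop"
            decisions.append((t, ip, verdict))
        elif action == "close":
            limiter.close(ip)
    return decisions, limiter


# Constructed sample: one source bursting connections, one well-behaved source.
SAMPLE_EVENTS = [
    (0.0, "10.0.0.5", "open"),
    (0.5, "10.0.0.5", "open"),
    (1.0, "10.0.0.5", "open"),
    (1.5, "10.0.0.5", "open"),    # 4th concurrent -> dropped (MAX_ACTIVE)
    (2.0, "10.0.0.5", "close"),
    (2.5, "10.0.0.5", "open"),    # slot freed -> allowed (5th attempt in window)
    (3.0, "10.0.0.5", "close"),
    (3.5, "10.0.0.5", "open"),    # 6th attempt in 10 s -> dropped (MAX_NEW)
    (4.0, "192.0.2.9", "open"),   # unrelated source is unaffected
    (20.0, "10.0.0.5", "open"),   # window has expired -> allowed again
]


def demo():
    """Run the constructed sample and return (decisions, limiter)."""
    return replay(SAMPLE_EVENTS)


if __name__ == "__main__":
    decisions, lim = demo()
    for t, ip, verdict in decisions:
        print(f"t={t:5.1f}  {ip:12s}  {verdict}")
    print("dropped:", dict(lim.dropped))
```

The two limits catch different things: the concurrent cap bounds how much server state one address can hold open, while the attempt rate cap blunts a burst of short-lived or half-open connections. Neither tells the firewall anything about the service behind it, which is the point made in the quoted message; they only bound how much of a flood reaches it.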