portscan protection feature in netBSD

Discussion:

harshavardhan Reddy

2014-08-11 23:39:25 UTC

Permalink

Hi All,

Is the portscan protection is provided in netBSD..?

Thank You,

Regards,
Hvr

Jeremy C. Reed

2014-08-12 00:02:51 UTC

Permalink

Post by harshavardhan Reddy
Is the portscan protection is provided in netBSD..?

See pkgsrc's net/iplog or security/portsentry packages. Also net/snort
can be configured to detect some port scans.

Also see http://www.openwall.com/scanlogd/ (but I don't see it in
pkgsrc).

You can probably also setup NPF (or the other packet filters) to detect
certain flags and do logging based on the matches.

harshavardhan Reddy

2014-08-12 19:05:29 UTC

Permalink

Hi Jeremy,

Thanks for your quick reply.

In the NPF framework I feel there is no support for portscan protection
like the way it present in linux netfilter framework using "recent"
algorithm.

If any inputs related to the portscan prevention in NPF will be greatly
appreciable.

Thank You,

Regards,
Hvr

Post by Jeremy C. Reed

Post by harshavardhan Reddy
Is the portscan protection is provided in netBSD..?

See pkgsrc's net/iplog or security/portsentry packages. Also net/snort
can be configured to detect some port scans.
Also see http://www.openwall.com/scanlogd/ (but I don't see it in
pkgsrc).
You can probably also setup NPF (or the other packet filters) to detect
certain flags and do logging based on the matches.