Re: My pf.conf and an nmap scan

2010-11-16 Thread woolsherpahat
OK, so about these rules: @1 block return in log all @2 pass out quick on sis0 proto tcp all flags S/SA modulate state @3 pass out all flags S/SA keep state I still don't see how that opens any ports for outbound traffic returning as part of a request from inbound traffic. All traffic
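The following pf.conf fragment is an added illustration, not configuration posted by anyone in this thread. It puts the two block policies discussed here side by side and shows why a stateful `pass out` does not expose inbound ports. The interface name `sis0` comes from the thread; the macro name `ext_if` and the external port 2222 in the redirect rule are assumptions for the example (the thread's own redirect rule has its external port elided).

```pf
# /etc/pf.conf, OpenBSD 4.7+ syntax (rdr-to style). Added example, not from the thread.
ext_if = "sis0"          # taken from the thread

# Policy A: silently discard. An external TCP SYN scan reports blocked ports as
# "filtered" because the scanner never gets a reply.
# set block-policy drop

# Policy B: answer blocked TCP with RST and other protocols with ICMP unreachable.
# The same scan now reports blocked ports as "closed", and the peer's stack
# gives up immediately instead of retransmitting until it times out.
set block-policy return
set skip on lo0

# Default deny, logged. Nothing inbound is permitted unless a later rule passes it.
block log all

# Outbound, stateful. "flags S/SA" means a state is created only by the initial
# SYN of a connection this host (or a host behind it) opens, so only the replies
# to that connection are matched on the way back in. An unsolicited inbound SYN
# matches no state and falls through to the block rule above: no port is opened.
pass out quick on $ext_if proto tcp all flags S/SA modulate state
pass out all

# Only an explicit pass-in rule exposes a service. Port 2222 is assumed for
# illustration; this is the one rule that can make a port show as "open".
pass in log on $ext_if inet proto tcp to ($ext_if) port 2222 rdr-to 127.0.0.1 port 22
```

To check what the ruleset really does, load it with `pfctl -nf /etc/pf.conf` (syntax check only), then `pfctl -f /etc/pf.conf`, and inspect `pfctl -sr` for the rules and `pfctl -ss` for the state table while traffic is flowing. Every state listed by `pfctl -ss` for the outbound rule will show the connection direction as initiated from the inside; none of them admit a new inbound connection. A SYN scan from outside should then report every port except the redirected one as "filtered" (drop) or "closed" (return), never "open".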

Re: My pf.conf and an nmap scan

2010-11-15 Thread Henning Brauer
* Kevin Chadwick ma1l1i...@yahoo.co.uk [2010-11-14 17:43]: I'd say drop mode saves some resources in case of dos no. if the attack is done using the stack of the attacking host(s), sending the damn RST back will save you resources. I don't see timeouts for users connecting to the wrong place

Re: My pf.conf and an nmap scan

2010-11-14 Thread Kevin Chadwick
On Fri, 12 Nov 2010 17:29:53 -0500 Chris Smith obsd_m...@chrissmith.org wrote: On Fri, Nov 12, 2010 at 5:06 PM, David Astua dast...@gmail.com wrote: Check this: http://www.chiark.greenend.org.uk/~peterb/network/drop-vs-reject Good article. Stealth mode is highly overrated. I generally use

Re: My pf.conf and an nmap scan

2010-11-14 Thread Peter N. M. Hansteen
Kevin Chadwick ma1l1i...@yahoo.co.uk writes: I'd say drop mode saves some resources in case of dos and does slow down the scan. I don't see timeouts for users connecting to the wrong place as a big problem at all, though the messages may help them very occasionally. For the drop vs return

Re: My pf.conf and an nmap scan

2010-11-13 Thread woolsherpahat
On Fri, Nov 12, 2010 at 2:16 PM, Frank Brodbeck f...@guug.de wrote: and please stop using macros for interfaces. What exactly is wrong with using macros for interfaces? It seems very common, and is repeated in both the OpenBSD's PF FAQ and The Book of PF. OK, so about these rules: @1 block

My pf.conf and an nmap scan

2010-11-12 Thread woolsherpahat
Hello @misc! I have a lovely little Soekris 4501 running OpenBSD 4.7 (Release). However, I get some strange results if I run an nmap scan on it from work. I get hundreds of ports listed as open. Now it's likely that I have mis-configured my firewall but I can't see exactly where. Hopefully someone

Re: My pf.conf and an nmap scan

2010-11-12 Thread woolsherpahat
(please see my in-line comments) On Fri, Nov 12, 2010 at 12:09 PM, Kenneth Gober kgo...@gmail.com wrote: is it this? # redirect external ssh traffic from ? pass in log on $ext_if inet proto tcp to ($ext_if) port ?\ rdr-to 127.0.0.1 port 22 to me, that rule looks like it will

Re: My pf.conf and an nmap scan

2010-11-12 Thread woolsherpahat
On Fri, Nov 12, 2010 at 12:53 PM, woolsherpahat woolsherpa...@gmail.com wrote: On Fri, Nov 12, 2010 at 12:09 PM, Kenneth Gober kgo...@gmail.com wrote: is it this? # redirect external ssh traffic from ? pass in log on $ext_if inet proto tcp to ($ext_if) port ?\ rdr-to 127.0.0.1

Re: My pf.conf and an nmap scan

2010-11-12 Thread xSAPPYx
Try: set block-policy return You should get your proper closed messages in nmap On Fri, Nov 12, 2010 at 13:27, woolsherpahat woolsherpa...@gmail.com wrote: (please see my in-line comments) On Fri, Nov 12, 2010 at 12:09 PM, Kenneth Gober kgo...@gmail.com wrote: is it this? # redirect

Re: My pf.conf and an nmap scan

2010-11-12 Thread David Astua
2010/11/12 xSAPPYx xsap...@gmail.com: Try: set block-policy return You should get your proper closed messages in nmap On Fri, Nov 12, 2010 at 13:27, woolsherpahat woolsherpa...@gmail.com wrote: (please see my in-line comments) On Fri, Nov 12, 2010 at 12:09 PM, Kenneth Gober

Re: My pf.conf and an nmap scan

2010-11-12 Thread woolsherpahat
# policy: default allow on all outbound traffic on all interfaces pass out Guess what this part is doing. It enables any traffic from your router to outside world and will open appropriate ports back to your network. OK. That makes sense, but all inbound traffic is dropped... so while all

Re: My pf.conf and an nmap scan

2010-11-12 Thread Chris Smith
On Fri, Nov 12, 2010 at 5:06 PM, David Astua dast...@gmail.com wrote: Check this: http://www.chiark.greenend.org.uk/~peterb/network/drop-vs-reject Good article. Stealth mode is highly overrated. I generally use return except in the case of bogons.