Pfsense block program?



  • simple question maybe sounds silly..
    how to block angry ipscanner?
    or i juz block the icmp?? is it solve the problem?

    is pfsense can do that?



  • Use snort. There you can block any sort of scanners. On the other hand, scanners do not really hurt.



  • @Monoecus:

    Use snort. There you can block any sort of scanners. On the other hand, scanners do not really hurt.

    so what attack do u think that really hurtfull  :P



  • DDoS
    buffer overflow exploits (if present in the underlaying system/driver)
    More a problem of the hosts/clients behind the pfSense: trojans, various ways of code injection.
    PEBKAC exploits (send an email to an employee with fake sender: "please change your password to xyz" and then log in with his credentials.)

    I think you can think of more attacks yourself or just use google…



  • @GruensFroeschli:

    DDoS
    buffer overflow exploits (if present in the underlaying system/driver)
    More a problem of the hosts/clients behind the pfSense: trojans, various ways of code injection.
    PEBKAC exploits (send an email to an employee with fake sender: "please change your password to xyz" and then log in with his credentials.)

    I think you can think of more attacks yourself or just use google…

    okay how bout the anticipation the attack using PF sense?
    1.DDOS = juz turn off the ICMP.. no client can ping server/router is it right?
    2.More a problem of the hosts/clients behind the pfSense = juz install antivirus and make it limited account (is it solve ?)
    3.buffer overflow = no idea how to solve it
    4.PEBKAC exploit = actually that's not a threat if we using limited account.. right?



  • @iamthed:

    Doesn't matter. Any DDoS attack is going to knock you off the Internet unless you have a huge amount of bandwidth. State limiting can be effective here if you have a huge amount of bandwidth, otherwise there just isn't anything you can do, you're reliant on your ISP.

    @iamthed:

    Those things help, but don't solve the problem. Lot more to this than can be offered in a forum post, check out some security books.


Log in to reply