Virtual IPs that respond to Pings/etc. Basically Decoys



  • Hi.  I am new to pfSense and am learning about virtual IPs and mapping them via NAT to my internal IPs for servers that I want to be accessible from inside my network.

    However, I thought it may be useful to create some Virtual IPs that were not NAT'ed to any real host, but have the firewall reply to pings etc. to give the illusion that it was a real host to confuse or frustrate would-be attackers trying to perform enumeration from outside my firewall.

    Is this possible with pfSense?



  • Yes, as long as you have a rule on WAN that allows ICMP.  Honestly, I wouldn't bother with it.  Most scans and attacks are automated and you're not going to fool or frustrate anyone.  It's kind of like painting false doors on your house, hoping to confuse a burglar.



  • @KOM:

    Honestly, I wouldn't bother with it.  Most scans and attacks are automated and you're not going to fool or frustrate anyone.  It's kind of like painting false doors on your house, hoping to confuse a burglar.

    Indeed. I like that analogy. :D


  • LAYER 8 Global Moderator

    Do you even have these IPs on the public side… Seems pointless to waste a valid public IP as a decoy. That's not going to fool anyone anyway.

