Virtual IPs that respond to Pings/etc. Basically Decoys

user7352

Hi.  I am new to pfSense and am learning about virtual IPs and mapping them via NAT to my internal IPs for server that I want to be accessible from inside my network.

However, I thought it may be useful to create some Virtual IPs that were not NAT'ed to any real host, but have the firewall reply to pings etc. to give the illusion that it was a real host to confuse or frustrate would be attackers trying to perform enumeration from out side my firewall.

Is this possible with pfSense?

KOM

Yes, as long as you have a rule on WAN that allows ICMP.  Honestly, I wouldn't bother with it.  Most scans and attacks are automated and you're not going to fool or frustrate anyone.  It's kind of like painting false doors on your house, hoping to confuse a burglar.

cmb

@KOM:

Honestly, I wouldn't bother with it.  Most scans and attacks are automated and you're not going to fool or frustrate anyone.  It's kind of like painting false doors on your house, hoping to confuse a burglar.

Indeed. I like that analogy. :D

johnpoz

Do you even have these IPs on the public side… Seems pointless to waste a valid pubic IP as a decoy.. That not going to fool anyone anyway.