> On 7 Oct 2021, at 15:58, Barbaros Bilek <barbarosblek@gmail.com> wrote:
>
> Hello misc,
>
> I try to block port scanning attempts with OpenBSD 6.9/amd64 + PF.
> At the top of my pf.conf I've added these lines but it didn't work.
>
> block in quick proto tcp all flags SF/SFRA label bps1
> block in quick proto tcp all flags FPU/SFRAUP label bps3
> block in quick proto tcp all flags /SFRA label bps4
> block in quick proto tcp all flags F/SFRA label bps5
> block in quick proto tcp all flags U/SFRAU label bps6
I personally find rules that specific to be too much work to even decipher.
What is it you are trying to achieve here?
If you want specifically to detect port scans, I have a hunch you would be better off constructing something out of state tracking options and overload tables.
That said, I have tended to generally recommend to start off your rules with a "block" (which will expand to "block drop all"), then fill in the ruleset with pass rules and whatever else you need that will let the traffic you want to allow to pass.
If you search the net with the obvious keywords you will find quite a few examples that can be quite instructive (including some of my own screeds at the first URL in my .signature).
All the best,
Peter N. M. Hansteen
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
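
Added example, not part of the original message: a minimal pf.conf sketch of the approach the reply describes, a default block followed by pass rules whose state tracking options feed an overload table. The table name, the service list and the thresholds are assumptions to adapt, not values from the thread.

```pf
# Constructed example; <scanners>, the service list and all limits are
# assumed values, not taken from the thread.
tcp_services = "{ ssh, www, https }"

# Sources that trip the limits below end up here.
table <scanners> persist

set skip on lo

# Default deny. A bare "block" expands to "block drop all", so probes
# against anything not explicitly passed are dropped without a reply.
block

# Drop everything from sources already caught, before any pass rule.
block in quick on egress from <scanners>

pass out on egress

# Pass rules default to "flags S/SA keep state": only a plain SYN can
# create state, so FIN, NULL and Xmas style probes never match a pass
# rule and fall through to the default block above.
#
# max-src-conn       concurrent established connections per source
# max-src-conn-rate  new established connections per source / seconds
# overload           add the offending source to <scanners>
# flush global       kill every existing state from that source
#
# Both limits count connections that completed the TCP handshake, so
# this catches sources hammering open ports, not probes of closed ones.
pass in on egress proto tcp to port $tcp_services \
    keep state (max-src-conn 50, max-src-conn-rate 15/5, \
                overload <scanners> flush global)
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading. Table entries stay until removed; `pfctl -t scanners -T expire 86400` run from cron clears addresses older than a day.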