18th June 2011
rocket357
Real Name: Jonathon
Wannabe OpenBSD porter
 
Join Date: Jun 2010
Location: 127.0.0.1
Posts: 429

Quote:
Originally Posted by Dr-D
I am continually being port scanned and tried to break into my network which my router security logs show. My router counteracts these attacks by going offline for 30 seconds and renewing the IP address.
That's the dumbest "solution" to being scanned that I've ever heard. If it implements "security" like this, I have no doubt that OpenBSD will easily meet your needs.

For a basic home network, what you have is pretty sufficient (unless you don't trust your users at home, in which case you should control outbound access as well...). I'm not sure about allowing ICMP, either, but that's just me. You could also scrub and synproxy (might be overkill, but you are being scanned...).

You can also set up a table to hold scanning IPs and block anything from said table. With your logging, you could write up a script to watch the logs for scans and add the scanning IP to the block table, or utilize a pre-written port for handling the same. Or better yet, rate limit how many half-open connections a given IP is allowed.
__________________
Linux/Network-Security Engineer by Profession. OpenBSD user by choice.
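One way to do the log-watching step suggested in the post above, as an added example that is not part of the original post: it reads pflog text, flags sources that hit several distinct blocked ports, and builds the pfctl commands that would add them to a block table. The log line shape, the table name `scanners`, the threshold and the sample lines are assumptions made for this example.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed shape of `tcpdump -n -e -ttt -r /var/log/pflog` text for a blocked
# inbound TCP SYN; other traffic and other line shapes are skipped.
PFLOG_RE = re.compile(
    r"rule \S+ block in on \S+: (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"\d+\.\d+\.\d+\.\d+\.(?P<dport>\d+): S ")
TABLE = "scanners"    # hypothetical table name; pf.conf must declare and block it
PORT_THRESHOLD = 3    # assumed: distinct blocked ports before a source is listed

def find_scanners(lines, threshold=PORT_THRESHOLD, allow=("127.0.0.0/8",)):
    """Return source IPs that probed at least `threshold` distinct blocked ports.

    `allow` lists networks that are never reported, so a forged source address
    cannot get your own gateway or resolver added to the block table.
    """
    allow_nets = [ipaddress.ip_network(n) for n in allow]
    ports = defaultdict(set)
    for line in lines:
        m = PFLOG_RE.search(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:      # e.g. an octet above 255 in a damaged line
            continue
        if not any(src in net for net in allow_nets):
            ports[src].add(int(m["dport"]))
    return [str(ip) for ip in sorted(ports) if len(ports[ip]) >= threshold]

def pfctl_commands(ips, table=TABLE):
    """Build, without running, the pfctl argv that adds each IP to the table."""
    return [["pfctl", "-t", table, "-T", "add", ip] for ip in ips]

# Constructed sample log lines using documentation address ranges.
SAMPLE = """\
Jun 18 10:15:01.100001 rule 2/(match) block in on em0: 203.0.113.5.40001 > 192.0.2.10.22: S 1:1(0) win 1024
Jun 18 10:15:01.200001 rule 2/(match) block in on em0: 203.0.113.5.40002 > 192.0.2.10.23: S 1:1(0) win 1024
Jun 18 10:15:01.300001 rule 2/(match) block in on em0: 203.0.113.5.40003 > 192.0.2.10.80: S 1:1(0) win 1024
Jun 18 10:15:02.000001 rule 2/(match) block in on em0: 198.51.100.7.51000 > 192.0.2.10.22: S 1:1(0) win 5840
Jun 18 10:15:03.000001 rule 2/(match) block in on em0: 198.51.100.7.51001 > 192.0.2.10.22: S 1:1(0) win 5840
Jun 18 10:15:04.000001 rule 5/(match) pass in on em0: 198.51.100.9.52000 > 192.0.2.10.443: S 1:1(0) win 5840
"""

if __name__ == "__main__":
    for argv in pfctl_commands(find_scanners(SAMPLE.splitlines())):
        print(" ".join(argv))
```

Entries added this way stay in the table until removed, so pair it with a periodic `pfctl -t scanners -T expire <seconds>` to age out old addresses.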