Quote:
Originally Posted by Dr-D
I am continually being port scanned and subjected to break-in attempts on my network, which my router security logs show. My router counteracts these attacks by going offline for 30 seconds and renewing the IP address.
That's the dumbest "solution" to being scanned that I've ever heard. If it implements "security" like this, I have no doubt that OpenBSD will easily meet your needs.
For a basic home network, what you have is pretty sufficient (unless you don't trust your users at home, in which case you should control outbound access as well...). I'm not sure about allowing icmp, either, but that's just me. You could also scrub and synproxy (might be overkill, but you are being scanned...)
You can also set up a table to hold scanning IPs and block anything from said table. With your logging, you could write up a script to watch the logs for scans and add the scanning IP to the block table, or utilize a pre-written port for handling the same. Or better yet, rate limit how many half-open connections a given IP is allowed.
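An added pf.conf fragment putting the reply's suggestions together (scrub, synproxy, a block table fed by pf's own source-tracking limits); this is example configuration, not the poster's ruleset, and it assumes OpenBSD pf syntax with an external interface named em0 and a LAN of 192.168.1.0/24.

```pf
# Example pf.conf (added illustration, not from the thread).
# Assumed: external interface em0, LAN 192.168.1.0/24.
ext_if = "em0"
lan_net = "192.168.1.0/24"
tcp_services = "{ ssh, https }"

# Table that collects addresses which trip the limits below.
# 'persist' keeps the table even when empty; stale entries can be
# aged out from cron with:  pfctl -t bruteforce -T expire 86400
table <bruteforce> persist

set skip on lo0
set block-policy drop

# Normalize traffic (reassemble fragments, clear DF, randomize IP IDs)
# instead of dropping the WAN link whenever a scan shows up.
match in all scrub (no-df random-id max-mss 1440)

# Default deny; log what gets dropped on the external interface so the
# logs stay useful for seeing who is scanning.
block log on $ext_if all

# Anything already in the table is dropped before further evaluation.
block in quick on $ext_if from <bruteforce>

# LAN hosts may go out; state tracking lets the replies back in.
pass out on $ext_if inet from $lan_net to any keep state

# Expose only the listed TCP services. 'synproxy state' completes the
# three-way handshake on pf's behalf, so half-open SYNs never reach the
# server, and the source-tracking options rate-limit each remote host:
#   max-src-conn 20         at most 20 established connections per source
#   max-src-conn-rate 15/5  at most 15 new connections per 5 seconds
#   overload <bruteforce>   offenders are added to the table ...
#   flush global            ... and all of their existing states are killed
pass in on $ext_if inet proto tcp to ($ext_if) port $tcp_services \
    flags S/SA synproxy state \
    (max-src-conn 20, max-src-conn-rate 15/5, \
     overload <bruteforce> flush global)

# If echo requests are allowed at all, cap how many states one source
# may hold rather than leaving ping wide open.
pass in on $ext_if inet proto icmp icmp-type echoreq \
    keep state (max-src-states 10)
```

Load it with `pfctl -f /etc/pf.conf` and inspect the table with `pfctl -t bruteforce -T show`.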