On 2011-10-19, Wesley M. <[email protected]> wrote: > I'm not agree, > > Using PF, and only PF, we can feed a table using some parameters and it is > filtered on one/several ports. > > PF can't detect Network scan like nmap or ... So it is why i use scanlogdb > (it is in the OpenBSD Ports). > And some people use Snort also for this kind of things.
How do you know that the scans are really coming from the address written in the packets?
