Date: Thu, 30 Nov 2006 11:10:54 -0800 From: Chuck Swiger <cswiger@mac.com> To: Wasp King <waspking2003@yahoo.com> Cc: questions@freebsd.org Subject: Re: stop a freebsd server from responding to pinging? Message-ID: <CD86A958-48D7-4C00-83FD-3242B75661C7@mac.com> In-Reply-To: <365084.23607.qm@web37213.mail.mud.yahoo.com> References: <365084.23607.qm@web37213.mail.mud.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Nov 30, 2006, at 10:55 AM, Wasp King wrote: > 1. How do I stop others from port scanning a server? Marcus Ranum suggests using wirecutters on the ethernet cable. If the server is internet-reachable, then it can be port-scanned. Less drastic measures than removing it from the network entirely would including configuring a firewall to block all ports except those absolutely required for the necessary functions which the machine needs to perform, and "hardening" the OS to reduce the potential exposure. > 2. is stopping the response to pinging enough? No. > 3. how to do I stop the server from responding to pinging? Use a firewall like ipfw or ipf to block ICMP traffic types 0 & 8: ipfw add 1 deny icmp from any to any icmptype 0,8 -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CD86A958-48D7-4C00-83FD-3242B75661C7>