Date: Mon, 2 Jul 2001 16:55:06 +0800 From: "Ling Ling" <llchan@eweb-asia.com> To: "Kelvin Ng Chee Hoong" <nchee_hoong@pacific.net.sg> Cc: <freebsd-questions@FreeBSD.ORG> Subject: Re: Port scanning Message-ID: <00ba01c102d4$b2ebba80$25904bca@ewebasia.com> References: <3B4037F4.7A6EB55D@pacific.net.sg>
next in thread | previous in thread | raw e-mail | index | archive | help
Kelvin,
Did you turn on the following parameters in /etc/rc.conf or
/etc/defaults/rc.conf?
# For the following two options, you need to have TCP_DROP_SYNFIN and
# TCP_RESTRICT_RST set in your kernel. Please refer to LINT for details.
tcp_drop_synfin="YES" # Set to YES to drop TCP packets with
SYN+FIN
# NOTE: this violates the TCP
specification
tcp_restrict_rst="YES" # Set to YES to restrict emission of RST
Check on a website http://www.freebsd-howto.com for further details .
Regards,
Ling Ling
----- Original Message -----
From: "Kelvin Ng Chee Hoong" <nchee_hoong@pacific.net.sg>
To: <freebsd-questions@FreeBSD.ORG>
Sent: Monday, July 02, 2001 4:59 PM
Subject: Port scanning
> Hi ;
> I've enabled TCP_DROP_SYNFIN and TCP_RESTRICT_RST options to against
> nmap and port scanning. To run the test , I ran nmap from another Linux
> machine . Although these two options have enabled , nmap still able
> scan through and list the state of services are running.
> Question :
> (1) How do I configure FBSD to against port scanning ?
> (2) Where log file is stored to capture the event of port scanning ?
> (3) How do I configure FBSD to send email alert or SMS once encountered
> port scanning action take place ?
> Please advise .
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00ba01c102d4$b2ebba80$25904bca>