Date:      Thu, 15 Sep 2005 13:43:56 -0500
From:      "Boris Karloff" <modelt20@canada.com>
To:        freebsd-questions@freebsd.org
Subject:   NMAP probing of network ports
Message-ID:  <4329c0ec.244.232.3162@canada.com>

Hello:

How do I cause FreeBSD 5.4 to not respond to an nmap
inquiry? I have already tried creating a line in rc.firewall
that says:

${fwcmd} deny all from any to any
${fwcmd} drop all from any to any

I know these are active, since 1) I see them on the screen
at startup, and 2) pinging from any computer to any computer
results in a timeout.

(both of these should drop all TCP packets; but apparently,
they cause a RESET message to be sent.)

I've also tried adding the following to sysctl.conf:

net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1

Again, these don't seem to prevent my FreeBSD from sending a
packet (probably a RESET or UNREACHABLE-HOST ack).

Once the person sending the nmap to this machine has the IP,
it's a simple step for them to ip-flood this machine; or
worse.

How do I make FreeBSD not acknowledge the fingerprint from
nmap?

Thanks in advance.

Harold.


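As an added example, not part of Harold's message or of FreeBSD's own tooling: a POSIX shell audit that classifies ipfw rules by whether their action answers a probe (reset, unreach and the deprecated reject all emit a reply packet) or discards silently (deny and drop, which ipfw treats as synonyms), and checks the two blackhole sysctls against their strictest documented values. The `ipfw list` and `sysctl` output it parses is constructed sample text; the rule numbers, ports and addresses in it are assumptions, not the poster's configuration. The blackhole knobs only apply to ports with no listening socket, so an open port still answers unless a firewall rule in front of it drops the traffic.

```shell
#!/bin/sh
# Added example: audit an ipfw ruleset and the blackhole sysctls for anything
# that lets a scanner confirm a live host. Not from the original message.

# Constructed sample of `ipfw list` output (rule number, action, body).
SAMPLE_RULES='00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 reset tcp from any to me 23
00400 unreach port udp from any to me 111
00500 deny ip from any to any
65535 allow ip from any to any'

# Print the numbers of rules whose action generates a reply packet:
# "reset" sends a TCP RST, "unreach" an ICMP unreachable, "reject" is the
# deprecated synonym for "unreach host".
noisy_rules() {
    printf '%s\n' "$1" |
        awk '$2 == "reset" || $2 == "unreach" || $2 == "reject" { print $1 }'
}

# Count rules that discard silently ("deny" and "drop" are the same action).
silent_rule_count() {
    printf '%s\n' "$1" |
        awk '$2 == "deny" || $2 == "drop" { n++ } END { print n + 0 }'
}

# Constructed sample of `sysctl net.inet.tcp.blackhole net.inet.udp.blackhole`.
SAMPLE_SYSCTL='net.inet.tcp.blackhole: 0
net.inet.udp.blackhole: 1'

# Succeed only when tcp.blackhole=2 (drop every segment to a closed TCP port)
# and udp.blackhole=1 (drop datagrams to a closed UDP port). These knobs never
# affect ports with a listener; an open service still answers the scanner.
blackhole_ok() {
    tcp=$(printf '%s\n' "$1" | awk -F': ' '$1 == "net.inet.tcp.blackhole" { print $2 }')
    udp=$(printf '%s\n' "$1" | awk -F': ' '$1 == "net.inet.udp.blackhole" { print $2 }')
    [ "${tcp:-0}" -eq 2 ] && [ "${udp:-0}" -eq 1 ]
}

# Stand-alone usage over the constructed samples.
echo "rules that answer probes:"
noisy_rules "$SAMPLE_RULES"
echo "silent rules: $(silent_rule_count "$SAMPLE_RULES")"
if blackhole_ok "$SAMPLE_SYSCTL"; then
    echo "blackhole sysctls: ok"
else
    echo "blackhole sysctls: closed ports may still answer"
fi
```

On a real host, replace the two constructed variables with `ipfw list` and `sysctl net.inet.tcp.blackhole net.inet.udp.blackhole` output; a rule list where every probe path ends in a silent deny and both knobs at their strict values is the state the audit is looking for.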


