Date: Fri, 16 Sep 2005 07:36:36 -0500
From: "Boris Karloff" <modelt20@canada.com>
To: John Oxley <john@yoafrica.com>, freebsd-questions@freebsd.org
Subject: Re: NMAP probing of network ports
Message-ID: <432abc54.2b3.6a6c.3021@canada.com>
>On Thu, Sep 15, 2005 at 01:43:56PM -0500, Boris Karloff wrote:
>> Hello:
>>
>> How do I cause FreeBSD 5.4 to not respond to an nmap
>> inquiry? I have already tried creating a line in rc.firewall
>> that says:
>>
>> ${fwcmd} deny all from any to any
>> ${fwcmd} drop all from any to any
>>
>> I know these are active, since 1) I see them on the screen
>> at startup, and 2) pinging from any computer to any computer
>> results in a timeout.
>>
>> (both of these should drop all TCP packets; but apparently,
>> they cause a RESET message to be sent.)
>
>Umm, try putting the drop before the deny. AFAIK, drop just drops the
>packet totally, and deny sends a RST back to the host. That is if ipfw
>works that way (ICBW). You don't need both these lines anyway, only one
>of them.

Thank you for your reply.

My first message may have been a little misleading. I had tried each line separately (they only differ in the 'deny' and 'drop'). I should have been more clear. I had also restarted the computer between changes, just to be sure.

If the two rules were used in a single file, the second line would never be executed, since the first rule would terminate the rule checking, or the second rule would not test true if the first did not, because it is identical to the first. These commands have to be used independently. I meant to imply they were tried separately.

It appears that when FreeBSD is sent an invalid packet without the SYN or ACK bits set, it responds with a RESET reply regardless of the ipfw rules. It appears this is one of the things nmap is exploiting.

Any suggestions on how to modify this behavior?

Thanks.

Harold.
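An added example, not part of this thread or of FreeBSD's own rc.firewall: a minimal ipfw policy that lets the host initiate connections and silently discards everything else, paired with the net.inet.tcp.blackhole sysctl that stops the TCP stack itself from answering segments to closed ports with RST. In ipfw the actions `deny` and `drop` are synonyms that discard silently; `reset` is the action that would send RST. The rule numbers and the helper names (quiet_ruleset, rule_count, quiet_sysctls, apply_quiet_policy) are this example's own choices.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes FreeBSD with ipfw available;
# loading the rules and setting the sysctls requires root.

# Emit the rules as text first so they can be reviewed before being loaded.
# Rule 65000 is the catch-all; ipfw's own default rule 65535 sits behind it.
quiet_ruleset() {
    cat <<'EOF'
add 100 allow ip from any to any via lo0
add 200 check-state
add 300 allow tcp from me to any out setup keep-state
add 310 allow udp from me to any out keep-state
add 65000 deny ip from any to any
EOF
}

# Number of rules in the set, used as a sanity check before flushing the live table.
rule_count() {
    quiet_ruleset | grep -c '^add '
}

# Kernel-side setting: with blackhole=2 the stack drops any TCP segment for a
# port with no listener instead of replying with RST (udp.blackhole=1 does the
# same for ICMP port-unreachable). Ports that do have a listener still answer
# out-of-state segments with RST, which is why the firewall rules stay in place.
quiet_sysctls() {
    printf '%s\n' 'net.inet.tcp.blackhole=2' 'net.inet.udp.blackhole=1'
}

# Load the policy: flush the live table, add each rule, then set the sysctls.
apply_quiet_policy() {
    command -v ipfw >/dev/null 2>&1 || { echo 'ipfw not found' >&2; return 1; }
    [ "$(rule_count)" -eq 5 ] || return 1
    ipfw -q flush
    quiet_ruleset | while read -r line; do
        # Each emitted line is a complete ipfw command; word-splitting is intended.
        # shellcheck disable=SC2086
        ipfw -q $line
    done
    quiet_sysctls | while read -r kv; do sysctl "$kv"; done
}

# Running the script prints the policy for review; call apply_quiet_policy as root to load it.
quiet_ruleset
quiet_sysctls
```

Run the script as-is to review the rule set, then `apply_quiet_policy` from a root shell that has sourced it to load it.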