Date:      Fri, 16 Sep 2005 11:51:14 -0400
From:      Chuck Swiger <cswiger@mac.com>
To:        Boris Karloff <modelt20@canada.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: ct Re: NMAP probing of network ports
Message-ID:  <432AE9F2.2000003@mac.com>
In-Reply-To: <432addeb.e9.3d26.10012@canada.com>
References:  <432addeb.e9.3d26.10012@canada.com>

Boris Karloff wrote:
> Thank you for your reply.
> 
> Nmap is generating many tcp commands:
> 
> arp who-has 192.168.0.x tell 192.168.0.5 
> 
> where x is an incremented number from 0 through 255. The
> 192.168.0.5 address changes from scan to scan, so blocking
> the port 192.168.0.5 doesn't work. 

That's not a TCP command, that's layer-2 ARP traffic, used to map ethernet MAC 
addresses to IP addresses.  Unless you're being scanned from different machines 
on your LAN, or unless you are scanning from different machines on your LAN, 
such traffic will only come from the IP of the subnet's router.

While you could configure /etc/ethers and disable ARP, frankly, I suspect you 
are not solving the problem you think you'd be solving.

-- 
-Chuck
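An added example, not part of the original thread: a small Python script that reads tcpdump-style ARP lines like the ones quoted above and reports any host that has asked "who-has" for many distinct addresses in the segment, which is the defender-side view of the behaviour the reply describes. The sample log lines are constructed for this example; the threshold is a heuristic assumption, since the subnet's router legitimately ARPs for many hosts over time.

```python
import re
from collections import defaultdict

# Constructed sample of tcpdump-style ARP output, modelled on the lines quoted
# in the thread: one requester (192.168.0.5) asking for many addresses in
# 192.168.0.0/24, plus an unrelated reply and a normal single request.
SAMPLE_ARP_LOG = """\
11:50:01.000001 arp who-has 192.168.0.1 tell 192.168.0.5
11:50:01.000120 arp who-has 192.168.0.2 tell 192.168.0.5
11:50:01.000240 arp who-has 192.168.0.3 tell 192.168.0.5
11:50:01.000360 arp who-has 192.168.0.4 tell 192.168.0.5
11:50:01.000480 arp who-has 192.168.0.6 tell 192.168.0.5
11:50:01.000600 arp who-has 192.168.0.7 tell 192.168.0.5
11:50:02.100000 arp reply 192.168.0.1 is-at 00:11:22:33:44:55
11:50:03.000000 arp who-has 192.168.0.1 tell 192.168.0.20
"""

# ARP requests are layer-2 broadcasts, so every host on the segment sees them;
# "who-has <target> tell <requester>" is the only line shape we care about.
WHO_HAS = re.compile(r"arp who-has (\S+) tell (\S+)")


def who_has_targets(log_text):
    """Map each requesting IP (the 'tell' address) to the set of IPs it asked for."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = WHO_HAS.search(line)
        if m:
            target, requester = m.groups()
            targets[requester].add(target)
    return targets


def arp_sweep_suspects(log_text, threshold=5):
    """Return requesters that asked for at least `threshold` distinct addresses.

    `threshold` is an assumed heuristic: a gateway router will also ARP for many
    hosts over a long capture, so compare against a short time window in practice.
    """
    return sorted(r for r, t in who_has_targets(log_text).items()
                  if len(t) >= threshold)


if __name__ == "__main__":
    for requester in arp_sweep_suspects(SAMPLE_ARP_LOG):
        count = len(who_has_targets(SAMPLE_ARP_LOG)[requester])
        print(f"{requester} asked who-has for {count} distinct addresses")
```

Run it against `tcpdump -n -e arp` output captured on the segment; a single requester walking the whole /24 in a fraction of a second stands out, whereas a router's requests are spread over time.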