On Thursday 30 November 2006 12:55, Wasp King wrote:
> 1. How do I stop others from port scanning a server?
>
> 2. is stopping the response to pinging enough?
>
> 3. how to do I stop the server from responding to
> pinging?
>
> Running FreeBSD 4.2 and 6.1.
>
> I changed the /etc/rc.network file to "NO" for
> broadcast ping responses, and this did not work (still
> responding to ping) when I rebooted:
>
>
>         case ${icmp_bmcastecho} in
>         [Yy][Ee][Ss])
>                 echo -n ' broadcast ping responses=NO'
>                 sysctl net.inet.icmp.bmcastecho=1
>
> >/dev/null
>
Wasp,

Check out /usr/ports/security/portsentry to reject portscan attempts.  By 
default it uses /etc/hosts.deny, which is deprecated.  But you can configure 
it to run a command ("KILL_ROUTE" in portsentry.conf) to do just about 
anything you want.

My KILL_ROUTE command is a perl script that sends syslog entries 
to /var/log/auth.log, which are intercepted by /usr/ports/security/sshit to 
only temporarily block an offending ip using ipfw.  It also sends an email 
notification at the time of the attempt, so I can be sure to keep an eye on 
the trouble-maker.

BTW: I think to completely block ping/traceroute you would add an ipfw rule 
like:

ipfw add drop icmp from any to any in via $eternal_nic

But that may introduce complications I'm unaware of ...

lane
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to