port scanning and hidden servers
Hello:

I have a user on my network with a Linux box that is performing a port scan on all the computers in my network manually. He's doing this 'because he can'. Although I've asked him not to, he continues to do so.

1) How can I block or inhibit port scans launched against my FreeBSD servers from within my network?

2) How can I 'hide' my FreeBSD servers from users on the network? (If they can't see them, then they don't know to scan them.)

Thanks in advance.

Harold

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: port scanning and hidden servers
If you ask him not to do so, then you know who he is, correct? The best way to prevent him from continuing is to deny him access to the network.

AFAIK there is no way to block a scan, though you could close ports and otherwise secure your systems so that the scans won't produce any helpful information?

Hiding a server won't help much, nmap can scan blocks of IPs. If the servers aren't on the same network as your users they can't be scanned easily, but that might complicate your setup.

IMHO, revoke the user's permission to access the network, or bring up the issue with someone who has the authority to do so.

Mike
RE: port scanning and hidden servers
Google up arp-sk, use it to modify the ARP tables in the switch and play with him a bit :)

-Joshua

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:owner-freebsd- [EMAIL PROTECTED] On Behalf Of Mike Hernandez
Sent: Wednesday, September 07, 2005 10:26 AM
To: [EMAIL PROTECTED]
Subject: Re: port scanning and hidden servers

> If you ask him not to do so, then you know who he is, correct? The best way to prevent him from continuing is to deny him access to the network.
>
> AFAIK there is no way to block a scan, though you could close ports and otherwise secure your systems so that the scans won't produce any helpful information?
>
> Hiding a server won't help much, nmap can scan blocks of IPs. If the servers aren't on the same network as your users they can't be scanned easily, but that might complicate your setup.
>
> IMHO, revoke the user's permission to access the network, or bring up the issue with someone who has the authority to do so.
>
> Mike
RE: port scanning and hidden servers
> Hello:
>
> I have a user on my network with a Linux box that is performing a port scan on all the computers in my network manually. He's doing this 'because he can'. Although I've asked him not to, he continues to do so.
>
> 1) How can I block or inhibit port scans launched against my FreeBSD servers from within my network?
>
> 2) How can I 'hide' my FreeBSD servers from users on the network? (If they can't see them, then they don't know to scan them.)
>
> Thanks in advance.
>
> Harold

Try portsentry in conjunction with logcheck, both are in the ports.

D.
Re: port scanning and hidden servers
Boris Karloff wrote:

> I have a user on my network with a Linux box that is performing a port scan on all the computers in my network manually. He's doing this 'because he can'. Although I've asked him not to, he continues to do so.
>
> 1) How can I block or inhibit port scans launched against my FreeBSD servers from within my network?
>
> 2) How can I 'hide' my FreeBSD servers from users on the network? (If they can't see them, then they don't know to scan them.)

1st: You can't really block a port scan, you can block your ports for incoming connections so you will appear to be offline. You can also configure your host to send particular types of ICMP responses.

2nd: Ok, so he sends some packets, but does this saturate the connection or in other ways interrupt service? Likely not, but if it does it should be against the acceptable use policy for the network, and complaining to the right person should cause his wires to be cut (if it's wired) or that he be blocked in the AP. If it's _your_ network then you can make it against the AUP and cut him off.

3rd: If you want to have some fun - ok, I don't know how legal this is - then you poison his ARP cache, effectively taking him off the network until it clears up. This may? be done with arp-sk, or other tools are available.

Cheers, Erik
Re: port scanning and hidden servers
On Sep 7, 2005, at 11:30 AM, Denny Jodeit wrote:

>> Hello:
>>
>> I have a user on my network with a Linux box that is performing a port scan on all the computers in my network manually. He's doing this 'because he can'. Although I've asked him not to, he continues to do so.
>>
>> 1) How can I block or inhibit port scans launched against my FreeBSD servers from within my network?
>>
>> 2) How can I 'hide' my FreeBSD servers from users on the network? (If they can't see them, then they don't know to scan them.)
>>
>> Thanks in advance.
>>
>> Harold
>
> Try portsentry in conjunction with logcheck, both are in the ports.

Hmm... You could use the software firewall for all requests from his IP. Or disconnect his network cable. Or set up all the other machines on the network to periodically ping flood his computer to slow it down to a crawl.

Set up the dsniff tools and redirect his traffic through another machine to monitor what is going on with that machine periodically, or set up a proxy web filter on a machine and redirect traffic from his computer to go through it and filter anything and everything not related to work.

Set up another machine so it once in a while takes his IP for a few minutes to knock him off the network.

Just some ideas for practical or entertainment value.
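An added example, not part of the original thread: a minimal version of the check that the portsentry/logcheck suggestion automates, followed by the per-source firewall block suggested above. It assumes ipfw deny rules with logging enabled and the log format shown; the log lines are constructed, and the window, threshold and rule number 500 are illustrative choices.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: ipfw deny-rule log lines (format and host names are assumptions).
SAMPLE_LOG = """\
Sep  7 10:21:01 srv1 kernel: ipfw: 65000 Deny TCP 192.168.1.50:40112 192.168.1.10:21 in via em0
Sep  7 10:21:02 srv1 kernel: ipfw: 65000 Deny TCP 192.168.1.50:40113 192.168.1.10:22 in via em0
Sep  7 10:21:03 srv1 kernel: ipfw: 65000 Deny TCP 192.168.1.50:40114 192.168.1.10:23 in via em0
Sep  7 10:21:04 srv1 kernel: ipfw: 65000 Deny TCP 192.168.1.50:40115 192.168.1.10:25 in via em0
Sep  7 10:21:05 srv1 kernel: ipfw: 65000 Deny TCP 192.168.1.50:40116 192.168.1.10:80 in via em0
Sep  7 10:22:10 srv1 kernel: ipfw: 65000 Deny TCP 192.168.1.77:51000 192.168.1.10:445 in via em0
Sep  7 10:24:30 srv1 kernel: ipfw: 65000 Deny TCP 192.168.1.77:51001 192.168.1.10:445 in via em0
Sep  7 10:25:00 srv1 sshd[812]: Accepted publickey for admin from 192.168.1.20 port 50022 ssh2
"""
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ kernel: ipfw: \d+ Deny (?:TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ (?P<dst>[\d.]+):(?P<dport>\d+) in\b")

def parse(text, year=2005):
    """Yield (time, src, dst, dport) for each inbound deny entry; skip other lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # syslog omits the year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["src"], m["dst"], int(m["dport"])

def find_scanners(text, window=timedelta(seconds=60), threshold=5):
    """Map source IP -> most distinct (host, port) targets denied inside one window."""
    events = defaultdict(list)
    for ts, src, dst, dport in parse(text):
        events[src].append((ts, dst, dport))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end, (ts, _, _) in enumerate(evs):
            while ts - evs[start][0] > window:  # slide the window forward
                start += 1
            targets = {(d, p) for _, d, p in evs[start:end + 1]}
            if len(targets) >= threshold:
                flagged[src] = max(flagged.get(src, 0), len(targets))
    return flagged

def block_commands(flagged, rule=500):
    """Build ipfw deny rules for flagged sources (rule number is a placeholder)."""
    # ip_address() raises ValueError, so unvalidated log text never reaches a command
    return [f"ipfw add {rule} deny ip from {ipaddress.ip_address(s)} to me" for s in sorted(flagged)]
```

A host that retries one closed port (192.168.1.77 in the sample) stays under the threshold; only a source that sweeps several distinct ports inside the window is flagged.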
RE: port scanning and hidden servers
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Boris Karloff
Sent: Wednesday, September 07, 2005 8:19 AM

> I have a user on my network with a Linux box that is performing a port scan on all the computers in my network manually. He's doing this 'because he can'. Although I've asked him not to, he continues to do so.
>
> 1) How can I block or inhibit port scans launched against my FreeBSD servers from within my network?
>
> 2) How can I 'hide' my FreeBSD servers from users on the network? (If they can't see them, then they don't know to scan them.)
>
> Thanks in advance.
>
> Harold

1. VLAN security on a managed switch
2. TCP wrappers
3. Ipchains
4. Snort (to generate dynamic fw rules)

-gayn