Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 16 Sep 2005 09:59:55 -0500
From:      "Boris Karloff" <modelt20@canada.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: ct Re: NMAP probing of network ports
Message-ID:  <432addeb.e9.3d26.10012@canada.com>

next in thread | raw e-mail | index | archive | help
Thank you for your reply.

Nmap is generating many tcp commands:

arp who-has 192.168.0.x tell 192.168.0.5 

where x is an incremented number from 0 through 255. The
192.168.0.5 address changes from scan to scan, so blocking
the port 192.168.0.5 doesn't work. 

This behavior is similar to the W32.Welchia.Worm that
plagues windoze boxes. 

Any thoughts on how to stop replying to this command?

Thanks.
Harold.

>On Fri, Sep 16, 2005 at 07:36:36AM -0500, Boris Karloff
wrote:
>> It appears that when FreeBSD is sent an invalid packet
>> without the SYN or ACK bits set, it responds with a RESET
>> reply regardless of the ipfw rules. It appears this is
one
>> of the things nmap is exploiting.
>> 
>> Any suggestions on how to modify this behavior?
>
>man blackhole
>
----------------------------------------
Upgrade your account today for increased storage; mail
forwarding or POP enabled e-mail with automatic virus
scanning. Visit
http://www.canada.com/email/premiumservices.html for more
information.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?432addeb.e9.3d26.10012>