Date: Wed, 07 Sep 2005 17:36:43 +0200
From: Erik Norgaard <norgaard@locolomo.org>
To: Boris Karloff <modelt20@canada.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: port scanning and hidden servers
Message-ID: <431F090B.5050307@locolomo.org>
In-Reply-To: <431f04f6.22c.572a.3251@canada.com>
References: <431f04f6.22c.572a.3251@canada.com>

Boris Karloff wrote:
> I have a user on my network with a Linux box that is
> performing a port scan on all the computers in my network
> manually. He's doing this 'because he can'. Although I've
> asked him not to, he continues to do so.
>
> 1) How can I block or inhibit port scans launched against my
> FreeBSD servers from within my network?
>
> 2) How can I 'hide' my FreeBSD servers from users on the
> network? (If they can't see them, then they don't know to
> scan them.)

1st: You can't really block a port scan, you can block your ports for
incoming connections so you will appear to be offline. You can also
configure your host to send particular types of ICMP responses.

2nd: Ok, so he sends some packets, but does this saturate the connection
or in other ways interrupt service? Likely not, but if it does it should
be against the "acceptable use policy" for the network, and complaining
to the right person should cause his wires to be cut (if it's wired) or
that he be blocked in the AP. If it's _your_ network then you can make
it against the AUP and cut him off.

3rd: If you want to have some fun - ok, I don't know how legal this is -
then you poison his ARP cache effectively taking him off the network
until it clears up. This may? be done with arp-sk, or other tools are
available.

Cheers, Erik
--
Ph: +34.666334818 web: www.locolomo.org
S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt
Subject ID: 9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72
Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9
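
Added example, not part of Erik's message: a pf.conf sketch of the first point in the reply (block incoming connections so the server gives no answer, and choose which ICMP it responds to). The use of pf, the interface name em0, the documentation address 192.0.2.10 and the offered ports are assumptions, not details from the thread.

```conf
# /etc/pf.conf -- added example; every name and address here is an assumption
ext_if = "em0"            # assumed LAN-facing interface
admin  = "192.0.2.10"     # assumed management workstation (documentation range)

# Blocked packets are discarded silently: no TCP RST, no ICMP unreachable.
# A probe of a blocked port gets no answer at all, the same as an
# address with nothing behind it.
set block-policy drop
# The other choice answers every blocked probe (RST for TCP, ICMP port
# unreachable for UDP). Ports then look closed, but each reply confirms
# that the host is up:
#   set block-policy return

set skip on lo0           # never filter loopback traffic

# Default deny for everything arriving on the LAN interface; "log" sends
# the dropped packets to pflog0 so the probing is recorded.
block in log on $ext_if all

# The server's own outbound traffic and its replies.
pass out on $ext_if all keep state

# Services actually offered: SSH for the admin host only, HTTP for the LAN.
pass in on $ext_if proto tcp from $admin to ($ext_if) port 22 flags S/SA keep state
pass in on $ext_if proto tcp from any    to ($ext_if) port 80 flags S/SA keep state

# ICMP policy: answer echo requests from the admin host only, so an
# ordinary ping from any other machine gets no reply.
pass in on $ext_if inet proto icmp from $admin to ($ext_if) icmp-type echoreq keep state

# Without a packet filter, the blackhole(4) sysctls give the same silent
# behaviour for closed ports (set in /etc/sysctl.conf):
#   net.inet.tcp.blackhole=2
#   net.inet.udp.blackhole=1
```

Any port that is passed still answers, and a host on the same Ethernet segment still replies to ARP, so this hides unused services rather than the machine's presence on the LAN. The dropped probes can be reviewed with `tcpdump -n -e -ttt -i pflog0` when pflog is enabled.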