From: Bart Silverstrim
Date: Wed, 7 Sep 2005 11:38:24 -0400
To: "Denny Jodeit"
Cc: 'Boris Karloff', freebsd-questions@freebsd.org
Subject: Re: port scanning and hidden servers

On Sep 7, 2005, at 11:30 AM, Denny Jodeit wrote:

>> Hello:
>>
>> I have a user on my network with a Linux box that is
>> performing a port scan on all the computers in my network
>> manually. He's doing this 'because he can'. Although I've
>> asked him not to, he continues to do so.
>>
>> 1) How can I block or inhibit port scans launched against my
>> FreeBSD servers from within my network?
>>
>> 2) How can I 'hide' my FreeBSD servers from users on the
>> network? (If they can't see them, then they don't know to
>> scan them.)
>>
>> Thanks in advance.
>>
>> Harold
>
> Try portsentry in conjunction with logcheck, both are in the ports.

Hmm...

You could use the software firewall for all requests from his IP. Or
disconnect his network cable. Or set up all the other machines on the
network to periodically ping flood his computer to slow it down to a
crawwwwwl. Set up the dsniff tools and redirect his traffic through
another machine to monitor what is going on with that machine
periodically, or set up a proxy web filter on a machine and redirect
traffic from his computer to go through it and filter anything and
everything not related to work. Set up another machine so it once in a
while takes his IP for a few minutes to knock him off the network.

Just some ideas for practical or entertainment value.
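
Not part of the original message: an added sketch of the detect-then-block approach the replies point at (log-based scan detection in the spirit of portsentry with logcheck, then a firewall rule for the offending IP). It assumes ipfw is the firewall and that its deny rule carries the `log` keyword; the log lines are constructed, and `find_scanners` and `block_rules` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample in the format ipfw writes to /var/log/security for
# rules with the "log" keyword. Addresses are documentation-range examples.
SAMPLE_LOG = """\
Sep  7 11:02:01 srv1 kernel: ipfw: 65000 Deny TCP 192.0.2.50:40112 192.0.2.10:21 in via em0
Sep  7 11:02:01 srv1 kernel: ipfw: 65000 Deny TCP 192.0.2.50:40113 192.0.2.10:22 in via em0
Sep  7 11:02:02 srv1 kernel: ipfw: 65000 Deny TCP 192.0.2.50:40114 192.0.2.10:23 in via em0
Sep  7 11:02:02 srv1 kernel: ipfw: 65000 Deny TCP 192.0.2.50:40115 192.0.2.10:25 in via em0
Sep  7 11:02:03 srv1 kernel: ipfw: 65000 Deny TCP 192.0.2.50:40116 192.0.2.10:80 in via em0
Sep  7 11:02:03 srv1 kernel: ipfw: 65000 Deny TCP 192.0.2.50:40117 192.0.2.10:110 in via em0
Sep  7 11:05:10 srv1 kernel: ipfw: 65000 Deny TCP 192.0.2.77:51000 192.0.2.10:445 in via em0
Sep  7 11:09:44 srv1 kernel: ipfw: 65000 Deny TCP 192.0.2.77:51020 192.0.2.10:445 in via em0
"""

LINE_RE = re.compile(
    r"ipfw: \d+ (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ (?P<dst>[\d.]+):(?P<dport>\d+) in via \S+"
)

def find_scanners(log_text, port_threshold=5):
    """Return {src: {dst: [ports]}} for sources denied on at least
    port_threshold distinct ports of a single destination."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["action"] != "Deny":
            continue
        seen[m["src"]][m["dst"]].add(int(m["dport"]))
    flagged = {}
    for src, targets in seen.items():
        # Repeated hits on one port (a misconfigured client) do not count;
        # only breadth across ports looks like a scan.
        hits = {d: sorted(p) for d, p in targets.items() if len(p) >= port_threshold}
        if hits:
            flagged[src] = hits
    return flagged

def block_rules(scanners, rule_start=1000):
    """Render one ipfw deny rule per flagged source, for review before use."""
    return [f"ipfw add {rule_start + i} deny ip from {src} to me"
            for i, src in enumerate(sorted(scanners))]

if __name__ == "__main__":
    for rule in block_rules(find_scanners(SAMPLE_LOG)):
        print(rule)
```

The rules are printed rather than applied so an administrator can check the flagged address first; a threshold that is too low will flag ordinary clients that retry a closed service.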