From owner-freebsd-questions@FreeBSD.ORG Thu Nov 30 19:21:27 2006
From: Lane
To: freebsd-questions@freebsd.org
Date: Thu, 30 Nov 2006 13:24:24 -0600
References: <365084.23607.qm@web37213.mail.mud.yahoo.com>
In-Reply-To: <365084.23607.qm@web37213.mail.mud.yahoo.com>
Message-Id: <200611301324.24259.lane@joeandlane.com>
Subject: Re: stop a freebsd server from responding to pinging?

On Thursday 30 November 2006 12:55, Wasp King wrote:
> 1. How do I stop others from port scanning a server?
>
> 2. Is stopping the response to pinging enough?
>
> 3. How do I stop the server from responding to pinging?
>
> Running FreeBSD 4.2 and 6.1.
>
> I changed the /etc/rc.network file to "NO" for broadcast ping responses,
> and this did not work (still responding to ping) when I rebooted:
>
>     case ${icmp_bmcastecho} in
>     [Yy][Ee][Ss])
>         echo -n ' broadcast ping responses=NO'
>         sysctl net.inet.icmp.bmcastecho=1 >/dev/null
>

Wasp,

Check out /usr/ports/security/portsentry to reject portscan attempts. By default it uses /etc/hosts.deny, which is deprecated. But you can configure it to run a command ("KILL_ROUTE" in portsentry.conf) to do just about anything you want.

My KILL_ROUTE command is a Perl script that sends syslog entries to /var/log/auth.log, which are intercepted by /usr/ports/security/sshit to only temporarily block an offending IP using ipfw. It also sends an email notification at the time of the attempt, so I can be sure to keep an eye on the trouble-maker.

BTW: I think to completely block ping/traceroute you would add an ipfw rule like:

    ipfw add drop icmp from any to any in via $external_nic

But that may introduce complications I'm unaware of ...

lane
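Added example, not part of the thread above and not code from either poster: a small POSIX sh helper that emits the persistent sysctl lines and the ipfw rules for quieting ICMP echo on a FreeBSD host. Two points it makes concrete: the quoted rc.network fragment's YES branch runs sysctl net.inet.icmp.bmcastecho=1 no matter what the echo text says, and that sysctl only governs broadcast/multicast echo anyway, so the durable fix is a line in /etc/sysctl.conf (read at boot on both releases mentioned) plus a firewall rule for unicast echo requests. Dropping all ICMP, as in the rule at the end of the reply, also discards destination-unreachable and time-exceeded messages and so breaks path MTU discovery and traceroute from the host; the rules below deny only echo requests (type 8) inbound. The interface name em0, the rule numbers 1000-1020 and the icmplim value are assumptions for the example.

```shell
#!/bin/sh
# Added example (not from the original thread). Generates, and optionally
# applies, the ICMP hardening for one external interface on FreeBSD.
# Assumptions: interface em0, ipfw rule numbers 1000-1020, icmplim=50.

# Lines for /etc/sysctl.conf. bmcastecho=0 stops replies to broadcast and
# multicast echo (smurf amplification); icmplim rate-limits the ICMP errors
# and replies the kernel still generates. Neither disables unicast echo
# replies, which is why the ipfw rules below exist.
icmp_sysctl_lines() {
    printf '%s\n' \
        'net.inet.icmp.bmcastecho=0' \
        'net.inet.icmp.icmplim=50'
}

# ipfw rules for the given interface. Unlike "deny icmp from any to any in",
# this keeps echo-reply (0), unreachable (3) and time-exceeded (11) so that
# outbound ping, path MTU discovery and traceroute from the host still work,
# and denies only inbound echo requests (8).
icmp_ipfw_rules() {
    iface=$1
    printf '%s\n' \
        "ipfw add 1000 allow icmp from any to any icmptypes 0,3,11 in via $iface" \
        "ipfw add 1010 deny icmp from any to any icmptypes 8 in via $iface" \
        "ipfw add 1020 allow icmp from any to any out via $iface"
}

# Self-check: number of generated rules that deny inbound echo requests.
# Expected to be exactly 1 for any interface name.
icmp_rules_deny_echo() {
    icmp_ipfw_rules "$1" | grep -c 'deny icmp .* icmptypes 8 in'
}

# Self-check: number of generated rules that would deny *all* inbound ICMP
# (the over-broad form). Expected to be 0.
icmp_rules_deny_all() {
    icmp_ipfw_rules "$1" | grep -c 'deny icmp from any to any in'
}

# When run directly: print what would be applied. With APPLY=1 on a FreeBSD
# host that has ipfw loaded, execute the rules instead of printing them.
iface=${IFACE:-em0}
echo "# append to /etc/sysctl.conf"
icmp_sysctl_lines
echo "# ipfw rules for $iface"
icmp_ipfw_rules "$iface" | while read -r cmd; do
    if [ "${APPLY:-0}" = 1 ] && command -v ipfw >/dev/null 2>&1; then
        $cmd
    else
        echo "$cmd"
    fi
done
```

Run it as `IFACE=fxp0 sh icmp_quiet.sh` to review the output for the real external interface, and add the sysctl lines to /etc/sysctl.conf so they survive a reboot; `sysctl -w net.inet.icmp.bmcastecho=0` applies the broadcast setting immediately on a live host. Rule 1000 precedes the deny on purpose: ipfw evaluates rules in number order, so the allowed ICMP types must match before the type-8 deny.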