From owner-freebsd-questions@FreeBSD.ORG Thu Sep 15 18:43:57 2005
From: "Boris Karloff" <modelt20@canada.com>
To: freebsd-questions@freebsd.org
Date: Thu, 15 Sep 2005 13:43:56 -0500
Message-id: <4329c0ec.244.232.3162@canada.com>
Subject: NMAP probing of network ports
List-Id: User questions

Hello:

How do I cause FreeBSD 5.4 to not respond to an nmap inquiry?

I have already tried creating a line in rc.firewall that says:

    ${fwcmd} deny all from any to any
    ${fwcmd} drop all from any to any

I know these are active, since 1) I see them on the screen at startup, and 2) pinging from any computer to any computer results in a timeout. (Both of these should drop all TCP packets; but apparently, they cause a RESET message to be sent.)

I've also tried adding the following to sysctl.conf:

    net.inet.tcp.blackhole=2
    net.inet.udp.blackhole=1

Again, these don't seem to prevent my FreeBSD from sending a packet (probably a RESET or UNREACHABLE-HOST ack).

Once the person sending the nmap to this machine has the IP, it's a simple step for them to IP-flood this machine; or worse.

How do I make FreeBSD not acknowledge the fingerprint from nmap?

Thanks in advance.

Harold.
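The configuration the post is asking about, written out as an added example (this is not code from the post or from FreeBSD's own rc.firewall). It assumes a FreeBSD 5.x kernel with ipfw2 and an outside interface named fxp0; both are assumptions, and the rule numbers are arbitrary. The point it shows: in ipfw, `deny` (alias `drop`) discards a packet silently, and only the explicit `reset`, `reject` and `unreach` actions answer a probe; each rule must be given to ipfw with the `add` keyword; a lone "deny everything" rule also cuts the host's own outbound traffic, so a stateful "allow what we started" rule is placed in front of it; and the blackhole sysctls cover the remaining case, a port the firewall lets through but no process listens on, where the TCP/UDP stack itself would otherwise send the RST or ICMP port-unreachable. The rule text is generated by functions so it can be inspected before anything is loaded; `fw_load` needs root and is only run when the script is invoked with `apply`.

```shell
#!/bin/sh
# Added example, not from the original post or from /etc/rc.firewall.
# Assumptions: FreeBSD 5.x with ipfw2, outside interface fxp0 (override with OIF=...).

fwcmd="/sbin/ipfw"        # same variable name rc.firewall uses
oif="${OIF:-fxp0}"        # outside interface (assumed name)

# Emit the ruleset as text, one "ipfw add ..." argument list per line.
# 'deny' (alias 'drop') discards silently: no TCP RST, no ICMP unreachable.
# 'all' and 'ip' are synonyms. Outbound traffic we start is tracked with
# keep-state so replies to it pass check-state; everything else is dropped.
fw_rules() {
    cat <<EOF
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 1000 check-state
add 1100 allow tcp from me to any out via $oif setup keep-state
add 1200 allow udp from me to any out via $oif keep-state
add 1300 allow icmp from me to any out via $oif keep-state
add 65000 deny ip from any to any
EOF
}

# sysctl.conf lines for the stack itself: with blackhole set, a SYN (or any
# segment, value 2) to a closed TCP port and a datagram to a closed UDP port
# get no RST / ICMP port-unreachable reply.
sysctl_settings() {
    cat <<EOF
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
EOF
}

# Count rules whose action answers the sender. A quiet ruleset has none:
# 'reset' sends a TCP RST, 'reject'/'unreach' send ICMP unreachable.
fw_rules_answer() {
    fw_rules | grep -Ec '^add [0-9]+ (reset|reject|unreach) '
}

# Load the ruleset: flush, then hand each line to ipfw. $line is deliberately
# unquoted so the shell splits it into ipfw's arguments, as rc.firewall does.
fw_load() {
    $fwcmd -q flush
    fw_rules | while read -r line; do
        $fwcmd -q $line
    done
}

# From a second machine, confirm that nothing comes back (run by hand):
#   tcpdump -ni <if> host <target>      # watch for RST or ICMP replies
#   nmap -sS -P0 -p 22,80 <target>      # -P0 skips nmap's own host-discovery ping
# On the target, 'ipfw show' lists the loaded rules with packet counters and
# 'sysctl net.inet.tcp.blackhole net.inet.udp.blackhole' shows the live values.

if [ "${1:-}" = "apply" ]; then
    fw_load
fi
```

Note that the blackhole sysctls only matter for ports the firewall already lets through; with the final `deny ip from any to any` in place and no `allow` in front of it for inbound traffic, the probe never reaches the stack, so the firewall rule, not the sysctl, is what has to be silent.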