Date:      Thu, 15 Sep 2005 11:57:43 -0700
From:      Garrett Cooper <youshi10@u.washington.edu>
To:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: NMAP probing of network ports
Message-ID:  <72819338-5A05-4648-B6E3-1F54B48D6592@u.washington.edu>
In-Reply-To: <4329c0ec.244.232.3162@canada.com>
References:  <4329c0ec.244.232.3162@canada.com>

On Sep 15, 2005, at 11:43 AM, Boris Karloff wrote:

> Hello:
>
> How do I cause FreeBSD 5.4 to not respond to an nmap
> inquiry? I have already tried creating a line in rc.firewall
> that says:
>
> ${fwcmd} deny all from any to any
> ${fwcmd} drop all from any to any
>
> I know these are active, since 1) I see them on the screen
> at startup, and 2) pinging from any computer to any computer
> results in a timeout.
>
> (both of these should drop all TCP packets; but apparently,
> they cause a RESET message to be sent.)
>
> I've also tried adding the following to sysctl.conf:
>
> net.inet.tcp.blackhole=2
> net.inet.udp.blackhole=1
>
> Again, these don't seem to prevent my FreeBSD from sending a
> packet (probably a RESET or UNREACHABLE-HOST ack).
>
> Once the person sending the nmap to this machine has the IP,
> it's a simple step for them to IP-flood this machine; or
> worse.
>
> How do I make FreeBSD not acknowledge the fingerprint from
> nmap?
>
> Thanks in advance.
>
> Harold.

     One thing to note is that if you have a listening server, nmap
will always get a response regardless of whether or not you want it
to because that's how servers function (unless you block the traffic
completely which is silly because then no one could connect to your
machine from anywhere). As for ICMP traffic, you should block ICMP if
you don't want to send ping replies, etc.
-Garrett
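The point Garrett makes above, as an added example that is not part of this thread or of FreeBSD: a small Python connect scanner that assigns the same three verdicts nmap's connect scan does. It starts its own listener on 127.0.0.1 as a constructed fixture, so it runs offline. A port with a service behind it completes the handshake and comes back "open" no matter what sysctls are set; a port nothing listens on comes back "closed" because the kernel answers with RST; a probe that gets no answer at all comes back "filtered", which is what net.inet.tcp.blackhole=2 (no RST for closed ports) or an ipfw deny rule produces on a FreeBSD host. The function and helper names are my own.

```python
import errno
import socket


def classify_port(host: str, port: int, timeout: float = 0.5) -> str:
    """Assign an nmap-style verdict to one TCP port using a full connect.

    open     - handshake completed: a listening service answered SYN-ACK.
               A host cannot hide a port it is actually serving on.
    closed   - the kernel answered RST, surfaced here as ECONNREFUSED.
               net.inet.tcp.blackhole=2 on FreeBSD suppresses this RST.
    filtered - nothing came back before the timeout (or the network
               reported the host unreachable): a firewall drop rule or
               a blackholed closed port looks exactly like this.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        s.close()


def scan(host: str, ports, timeout: float = 0.5) -> dict:
    """Connect-scan a list of ports and return {port: verdict}."""
    return {p: classify_port(host, p, timeout) for p in ports}


def start_listener(host: str = "127.0.0.1") -> socket.socket:
    """Constructed fixture: a service on an ephemeral port that never accept()s.
    The kernel still completes the handshake from the listen backlog, so the
    scanner sees it as open even though no application code runs."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv


def free_port(host: str = "127.0.0.1") -> int:
    """Constructed fixture: grab an ephemeral port and release it, leaving a
    port that (barring a race with another process) nothing listens on."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo() -> dict:
    """Scan one listening and one idle port on loopback; returns the verdicts
    keyed by what the port is doing rather than by number."""
    srv = start_listener()
    try:
        open_port = srv.getsockname()[1]
        closed_port = free_port()
        verdicts = scan("127.0.0.1", [open_port, closed_port])
        return {
            "listening": verdicts[open_port],
            "not listening": verdicts[closed_port],
        }
    finally:
        srv.close()


if __name__ == "__main__":
    for what, verdict in demo().items():
        print(f"{what:14s} -> {verdict}")
```

Run as-is the listening port reports open and the idle one closed. On a FreeBSD box with net.inet.tcp.blackhole=2 the idle port would instead time out and report filtered, while the listening port would still report open; that is the behaviour the reply describes, and the reason the sysctl hides a host's closed ports but not its services. Blocking ICMP echo with ipfw hides it from ping the same way, and for the same reason cannot hide a port you are serving on.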



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?72819338-5A05-4648-B6E3-1F54B48D6592>