From: Garrett Cooper <youshi10@u.washington.edu>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
Date: Thu, 15 Sep 2005 11:57:43 -0700
Subject: Re: NMAP probing of network ports
In-Reply-To: <4329c0ec.244.232.3162@canada.com>
Message-Id: <72819338-5A05-4648-B6E3-1F54B48D6592@u.washington.edu>
On Sep 15, 2005, at 11:43 AM, Boris Karloff wrote:

> Hello:
>
> How do I cause freeBSD 5.4 to not respond to an nmap
> inquiry? I have already tried creating a line in rc.firewall
> that says:
>
> ${fwcmd} deny all from any to any
> ${fwcmd} drop all from any to any
>
> I know these are active, since 1) I see them on the screen
> at startup, and 2) pinging from any computer to any computer
> results in a timeout.
>
> (Both of these should drop all TCP packets; but apparently,
> they cause a RESET message to be sent.)
>
> I've also tried adding the following to sysctl.conf:
>
> net.inet.tcp.blackhole=2
> net.inet.udp.blackhole=1
>
> Again, these don't seem to prevent my freeBSD from sending a
> packet (probably a RESET or UNREACHABLE-HOST ack).
>
> Once the person sending the nmap to this machine has the IP,
> it's a simple step for them to ip-flood this machine; or
> worse.
>
> How do I make freeBSD not acknowledge the fingerprint from
> nmap?
>
> Thanks in advance.
>
> Harold.

One thing to note is that if you have a listening server, nmap will always get a response regardless of whether or not you want it to, because that's how servers function (unless you block the traffic completely, which is silly because then no one could connect to your machine from anywhere). As for ICMP traffic, you should block ICMP if you don't want to send ping replies, etc.

-Garrett
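An added example, not from the thread or from FreeBSD itself: a small Python audit of the two knobs Harold tried, run over the text of sysctl.conf and of `ipfw list`. It checks the blackhole values, flags ipfw actions that answer the sender (reset/reject/unreach, as opposed to deny/drop, which discard silently), and, relying on ipfw's first-match evaluation, flags a catch-all deny that sits behind a catch-all allow. Both sample inputs are constructed for the example.

```python
import re

# ipfw actions: deny/drop discard silently; reset/reject/unreach answer the sender.
SILENT, NOISY = {"deny", "drop"}, {"reset", "reject", "unreach"}
ALLOW = {"allow", "accept", "pass", "permit"}
RULE = re.compile(r"^(\d+)\s+(\w+)\s+(.*)$")        # "00100 allow ip from any to any"
CATCH_ALL = re.compile(r"(ip|all)\s+from\s+any\s+to\s+any")

def parse_sysctl(text):
    """Return {key: value} from sysctl.conf text, ignoring comments."""
    out = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, val = line.split("=", 1)
            out[key.strip()] = val.strip()
    return out

def audit_sysctl(settings):
    """Flag blackhole values weaker than the ones the thread tried."""
    want = {"net.inet.tcp.blackhole": ("2", "drop every segment to a closed TCP port, not only SYNs"),
            "net.inet.udp.blackhole": ("1", "send no ICMP port-unreachable for closed UDP ports")}
    return [f"{k}: want {v} ({why}), found {settings.get(k)}"
            for k, (v, why) in want.items() if settings.get(k) != v]

def audit_rules(text):
    """Walk `ipfw list` output in order (ipfw stops at the first matching rule)."""
    findings, allow_all = [], None
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m or int(m.group(1)) == 65535:      # skip the fixed default rule
            continue
        num, action, body = int(m.group(1)), m.group(2), m.group(3)
        if action in NOISY:
            findings.append(f"rule {num}: '{action}' answers the probe; deny/drop stays silent")
        if action in ALLOW and CATCH_ALL.fullmatch(body):
            allow_all = num
        elif action in SILENT and CATCH_ALL.fullmatch(body) and allow_all is not None:
            findings.append(f"rule {num}: never reached, rule {allow_all} already allows everything")
    return findings

# Constructed sample inputs (not taken from the thread).
SAMPLE_SYSCTL = "net.inet.tcp.blackhole=1   # 1 only hides SYNs\nnet.inet.udp.blackhole=1\n"
SAMPLE_RULES = """00100 allow ip from any to any via lo0
00200 reset tcp from any to any 113 in
65000 allow ip from any to any
65100 deny ip from any to any
65535 deny ip from any to any"""

if __name__ == "__main__":
    for finding in audit_sysctl(parse_sysctl(SAMPLE_SYSCTL)) + audit_rules(SAMPLE_RULES):
        print(finding)
```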