From: Josh Paetzel
To: freebsd-questions@freebsd.org
Cc: Wasp King
Date: Fri, 1 Dec 2006 14:21:28 -0600
Subject: Re: stop a freebsd server from responding to pinging?
Message-Id: <200612011421.28431.josh@tcbug.org>

On Thursday 30 November 2006 13:10, Chuck Swiger wrote:
> On Nov 30, 2006, at 10:55 AM, Wasp King wrote:
> > 1. How do I stop others from port scanning a server?
>
> Marcus Ranum suggests using wirecutters on the ethernet cable.
> If the server is internet-reachable, then it can be port-scanned.
>
> Less drastic measures than removing it from the network entirely
> would include configuring a firewall to block all ports except
> those absolutely required for the necessary functions which the
> machine needs to perform, and "hardening" the OS to reduce the
> potential exposure.
>
> > 2. is stopping the response to pinging enough?
>
> No.
>
> > 3. how do I stop the server from responding to pinging?
>
> Use a firewall like ipfw or ipf to block ICMP traffic types 0 & 8:
>
>   ipfw add 1 deny icmp from any to any icmptype 0,8

I find it a tad ironic that someone running FBSD 4.2 is worried about
getting port scanned.....or maybe that's why he is worried, since the
laundry list of exploits and holes against a box running something
that old and unsupported is fearsome.

-- 
Thanks,

Josh Paetzel
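
The advice quoted in this message (permit only the ports the machine needs, drop ICMP types 0 and 8) written out as a default-deny ipfw ruleset; this is an added example, not part of the original message. The port list, the rule numbers and the `IPFW` dry-run variable are assumptions, and the syntax follows a current ipfw (documented keyword `icmptypes`) rather than the 4.2-era one.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: the ipfw commands
# are printed. Set IPFW=/sbin/ipfw to apply them on a FreeBSD host.
IPFW="${IPFW:-echo ipfw}"

# Constructed sample value: the TCP services this host must offer.
ALLOWED_TCP_PORTS="${ALLOWED_TCP_PORTS:-22 80}"

build_rules() {
    ports="$1"
    # Refuse anything that is not a plain port number before touching rules.
    for p in $ports; do
        case "$p" in
            ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
        esac
    done

    $IPFW -f flush
    $IPFW add 100 allow ip from any to any via lo0
    # The rule from the thread: no echo request (8) or echo reply (0).
    $IPFW add 200 deny icmp from any to any icmptypes 0,8
    # Keep ICMP errors (unreachable, time exceeded) so path MTU discovery works.
    $IPFW add 300 allow icmp from any to me icmptypes 3,11 in
    # Return traffic for connections this host started or accepted.
    $IPFW add 400 check-state
    n=500
    for p in $ports; do
        $IPFW add "$n" allow tcp from any to me "$p" in setup keep-state
        n=$((n + 10))
    done
    $IPFW add 60000 allow ip from me to any out keep-state
    # Everything else is dropped, and logged when net.inet.ip.fw.verbose=1,
    # so scans of closed ports show up in the security log.
    $IPFW add 65000 deny log ip from any to any
}

build_rules "$ALLOWED_TCP_PORTS"
```

Run it as-is first to review the printed rules. When applying with `IPFW=/sbin/ipfw`, do it from the console, since the flush removes existing rules before the SSH rule is re-added.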