From owner-freebsd-questions Fri Oct 13 10:19:30 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from spring.thepond.com (spring.thepond.com [209.122.157.220])
	by hub.freebsd.org (Postfix) with ESMTP id 2452237B66F
	for ; Fri, 13 Oct 2000 10:19:25 -0700 (PDT)
Received: from localhost (drunk@localhost)
	by spring.thepond.com (8.9.3/8.9.3) with ESMTP id NAA81360;
	Fri, 13 Oct 2000 13:33:23 -0400 (EDT)
	(envelope-from bpeisenbraun@yahoo.com)
X-Authentication-Warning: spring.thepond.com: drunk owned process doing -bs
Date: Fri, 13 Oct 2000 13:33:23 -0400 (EDT)
From: Ben Eisenbraun
X-Sender: drunk@spring.thepond.com
To: "Ivan S. Anisimov"
Cc: questions@freebsd.org
Subject: Re: how to stop being scanned by nmap?
In-Reply-To: <39E73274.FFABE7AC@itp.ac.ru>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, 13 Oct 2000, Ivan S. Anisimov wrote:

> I saw somewhere an undocumented option in kernel config that
> somehow refuses SYN & ACK requests that prevents software

From /usr/src/sys/i386/conf/LINT :

# TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN.  This
# prevents nmap et al. from identifying the TCP/IP stack, but breaks support
# for RFC1644 extensions and is not recommended for web servers.
#
# TCP_RESTRICT_RST adds support for blocking the emission of TCP RST packets.
# This is useful on systems which are exposed to SYN floods (e.g. IRC servers)
# or any system which one does not want to be easily portscannable.

options		TCP_DROP_SYNFIN		#drop TCP packets with SYN+FIN
options		TCP_RESTRICT_RST	#restrict emission of TCP RST

Looks documented to me.  :-)

-ben


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
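As an added illustration (not part of the original message, and not FreeBSD kernel code), the following Python model shows what the two LINT options quoted above change about a stack's answer to an unsolicited TCP segment. It decodes the flags byte from a raw TCP header and then applies a simplified reply table: RFC 793's rules for a CLOSED port (answer anything but a RST with a RST) and a LISTEN socket (a SYN opens the handshake, a stray ACK draws a RST, other segments are dropped), plus the two LINT behaviours: TCP_DROP_SYNFIN ignores SYN+FIN segments outright, and TCP_RESTRICT_RST suppresses the RSTs that a port scan relies on to tell closed ports apart. The header bytes, the StackPolicy class and the reply_to_probe function are constructed for this example; the real stack's handling has more states and edge cases than this table.

```python
"""Model of how TCP_DROP_SYNFIN / TCP_RESTRICT_RST change a stack's replies.

Constructed example for illustration; not FreeBSD kernel code.
"""
import struct
from dataclasses import dataclass

# TCP flag bits, low byte of the 16-bit data-offset/flags word (RFC 793).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def build_tcp_header(src_port: int, dst_port: int, flags: int) -> bytes:
    """Build a minimal 20-byte TCP header (no options) carrying `flags`."""
    offset_flags = (5 << 12) | (flags & 0x1FF)  # data offset = 5 words
    return struct.pack("!HHIIHHHH", src_port, dst_port, 0, 0,
                       offset_flags, 1024, 0, 0)


def parse_tcp_flags(tcp_header: bytes) -> int:
    """Return the 9 flag bits from a raw TCP header (bytes 12-13)."""
    if len(tcp_header) < 14:
        raise ValueError("TCP header too short to hold the flags word")
    offset_flags = struct.unpack("!H", tcp_header[12:14])[0]
    return offset_flags & 0x1FF


def flag_names(flags: int) -> str:
    """Human-readable flag list, e.g. 'FIN+SYN'."""
    table = (("FIN", FIN), ("SYN", SYN), ("RST", RST),
             ("PSH", PSH), ("ACK", ACK), ("URG", URG))
    return "+".join(name for name, bit in table if flags & bit) or "none"


@dataclass(frozen=True)
class StackPolicy:
    """Which of the two LINT options are compiled in (hypothetical model)."""
    drop_synfin: bool = False   # options TCP_DROP_SYNFIN
    restrict_rst: bool = False  # options TCP_RESTRICT_RST


def reply_to_probe(flags: int, port_open: bool, policy: StackPolicy) -> str:
    """Simplified reply to an unsolicited segment: 'SYN+ACK', 'RST' or 'drop'."""
    if flags & RST:
        return "drop"  # an incoming RST is never answered with anything
    if (flags & (SYN | FIN)) == (SYN | FIN) and policy.drop_synfin:
        return "drop"  # TCP_DROP_SYNFIN: SYN+FIN is ignored, open port or not
    if not port_open:
        # CLOSED: RFC 793 answers with a RST unless its emission is restricted.
        return "drop" if policy.restrict_rst else "RST"
    if flags & SYN and not flags & ACK:
        # LISTEN: a SYN (and, without TCP_DROP_SYNFIN, a SYN+FIN) starts a handshake.
        return "SYN+ACK"
    if flags & ACK:
        # LISTEN: an ACK with no connection behind it draws a RST per RFC 793.
        return "drop" if policy.restrict_rst else "RST"
    return "drop"  # FIN-only or NULL segments to a listener are silently dropped


def compare_policies():
    """Table of replies, default vs. both options enabled, for common probes."""
    default = StackPolicy()
    hardened = StackPolicy(drop_synfin=True, restrict_rst=True)
    probes = {"SYN": SYN, "SYN+FIN": SYN | FIN, "ACK": ACK, "NULL": 0}
    results = {}
    for name, flags in probes.items():
        for port_open in (True, False):
            hdr = build_tcp_header(40000, 80, flags)  # constructed sample packet
            decoded = parse_tcp_flags(hdr)
            results[(name, port_open)] = (reply_to_probe(decoded, port_open, default),
                                          reply_to_probe(decoded, port_open, hardened))
    return results


if __name__ == "__main__":
    for (probe, port_open), (plain, hard) in compare_policies().items():
        state = "open  " if port_open else "closed"
        print(f"{probe:<8} -> {state} port: default={plain:<8} hardened={hard}")
```

Run as a script, the table makes the page's point visible: with both options on, a closed port and an open port answer a SYN+FIN probe identically (nothing), and closed ports no longer emit the RSTs that distinguish them. It also shows the cost the LINT text warns about: a legitimate SYN+FIN, which RFC 1644 T/TCP uses, is dropped too.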