From: Garrett Cooper
Date: Fri, 01 Dec 2006 18:48:28 -0800
To: freebsd-questions@freebsd.org
Subject: Re: stop a freebsd server from responding to pinging?

Josh Paetzel wrote:
> On Thursday 30 November 2006 13:10, Chuck Swiger wrote:
>> On Nov 30, 2006, at 10:55 AM, Wasp King wrote:
>>> 1. How do I stop others from port scanning a server?
>> Marcus Ranum suggests using wirecutters on the ethernet cable.
>> If the server is internet-reachable, then it can be port-scanned.
>>
>> Less drastic measures than removing it from the network entirely
>> would include configuring a firewall to block all ports except
>> those absolutely required for the necessary functions which the
>> machine needs to perform, and "hardening" the OS to reduce the
>> potential exposure.
>>
>>> 2. is stopping the response to pinging enough?
>> No.
>>
>>> 3. how do I stop the server from responding to pinging?
>> Use a firewall like ipfw or ipf to block ICMP traffic types 0 & 8:
>>
>>     ipfw add 1 deny icmp from any to any icmptype 0,8
>
> I find it a tad ironic that someone running FBSD 4.2 is worried about
> getting port scanned.....or maybe that's why he is worried, since the
> laundry list of exploits and holes against a box running something
> that old and unsupported is fearsome.
>

It does make his machine a bit more obscure and harder to find, but that's nothing a little nmap / snort / tcpdump doesn't cure by making your traffic or ports in use visible. Plus, if someone knows you exist, preventing ICMP ping to your host won't prevent much of anything.

-Garrett
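
The thread's answer to "is stopping the response to pinging enough?" can be checked with a small model. This is an added example, not part of the original messages and not ipfw itself: a simplified first-match rule evaluator in Python that compares the quoted ICMP rule on an otherwise open firewall with a default-deny ruleset. The rule numbers other than 1, the "required" ports 22 and 80, and the sample packets are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Packet:
    proto: str                        # "icmp" or "tcp"
    icmp_type: Optional[int] = None   # set for ICMP packets
    dport: Optional[int] = None       # set for TCP packets

@dataclass(frozen=True)
class Rule:
    num: int
    action: str                        # "allow" or "deny"
    proto: str                         # "icmp", "tcp", or "ip" (any protocol)
    icmp_types: Tuple[int, ...] = ()   # empty tuple = any ICMP type
    dports: Tuple[int, ...] = ()       # empty tuple = any destination port

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if self.icmp_types and p.icmp_type not in self.icmp_types:
            return False
        if self.dports and p.dport not in self.dports:
            return False
        return True

def verdict(rules, pkt):
    """Walk rules in numeric order; the first matching rule decides."""
    for rule in sorted(rules, key=lambda r: r.num):
        if rule.matches(pkt):
            return rule.action
    return "deny"  # modelled default when nothing matches

# Rule 1 mirrors the rule quoted in the thread (ICMP types 0 and 8).
PING_RULE = Rule(1, "deny", "icmp", icmp_types=(0, 8))
# Assumption: an otherwise open firewall with only the ping rule added.
PING_ONLY = [PING_RULE, Rule(65000, "allow", "ip")]
# Assumption: default deny, with only the required ports (22, 80) allowed.
HARDENED = [PING_RULE, Rule(100, "allow", "tcp", dports=(22, 80)),
            Rule(65000, "deny", "ip")]

# Constructed sample packets arriving at the server.
SAMPLE = {
    "icmp echo request": Packet("icmp", icmp_type=8),
    "tcp/22 (required)": Packet("tcp", dport=22),
    "tcp/3306 (not required)": Packet("tcp", dport=3306),
}

def exposure(rules):
    """Map each sample packet label to the ruleset's verdict."""
    return {label: verdict(rules, pkt) for label, pkt in SAMPLE.items()}
```

With only the ping rule in place, `exposure(PING_ONLY)` still allows both TCP ports, so the host stays visible to anyone who probes a port; `exposure(HARDENED)` leaves only the required service reachable.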