Date:      Mon, 15 Oct 2001 11:55:56 -0700
From:      Greg White <gregw-freebsd-security@greg.cex.ca>
To:        security@freebsd.org
Subject:   Re: FreeBSD IPFW
Message-ID:  <20011015115556.A16917@greg.cex.ca>
In-Reply-To: <007f01c155a4$53166a60$03e2cbd8@server>; from jgowdy@home.com on Mon, Oct 15, 2001 at 11:07:59AM -0700
References:  <007f01c155a4$53166a60$03e2cbd8@server>

On Mon, Oct 15, 2001 at 11:07:59AM -0700, Jeremiah Gowdy wrote:
> I'm using FreeBSD 4.4-STABLE with my transparent bridge/firewall setup to
> protect my network.  I'm wondering why ipfw is returning packets, which I
> assume it's doing, when it filters a particular port like this:
> 
> "139/tcp    filtered    netbios-ssn"
> 
> result from an nmap scan.  I would rather, like blackhole, just silently
> drop the packet, which causes the port scanner to lag all to hell and wait
> for the response timeout.  Of course I have blackhole turned on, and that
> works for the FreeBSD box itself, but it does not work for the packets
> blocked by ipfw.  Is there an IPFW option to drop a packet silently with no
> RST or ICMP returned (or anything else) ?

Someone correct me if I'm wrong here, but in every instance I have seen
nmap return that result, it is _because_ of the behaviour you say you're
looking for. An unfiltered port would have responded with RST, and nmap
knows this, so that if no RST comes back, it calls the port 'filtered'.
Similar results for UDP with no returned port-unreachable.

Using ipfw's 'deny' should produce the results you saw above, and do
what you want.  

-- 
Greg White
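The distinction in the reply above is what every port scanner relies on: a SYN/ACK means "open", a RST means "closed", and no answer at all (or an ICMP unreachable) means "filtered", and only the last case costs the scanner its full retry timeout. The following script is an added example, not code from the thread or from FreeBSD: it reproduces that classification with an ordinary connect() probe (no raw sockets or root needed, so it uses the handshake/RST/timeout the kernel reports through errno rather than nmap's SYN scan) and demonstrates it against a loopback listener that is constructed inside the script. The host, port and timeout values are placeholders chosen for the demo.

```python
"""
Added example (not from the original thread): classify a TCP port the way a
port scanner does, from the kind of answer a probe gets back.

Evidence the scanner sees             Reported state   Cost to the scanner
--------------------------------------------------------------------------
handshake completes (SYN/ACK)          open             one round trip
RST comes back (ECONNREFUSED)          closed           one round trip
ICMP unreachable (EHOST/ENETUNREACH)   filtered         one round trip
nothing comes back (timeout)           filtered         the whole timeout

A firewall that silently drops (ipfw 'deny') produces the last row, which is
why a scan of such a host "lags": every probe has to wait out the timeout.
"""
import errno
import socket
import time
from dataclasses import dataclass


@dataclass
class ProbeResult:
    port: int
    state: str      # "open", "closed" or "filtered"
    elapsed: float  # seconds this single probe took


def probe_tcp(host: str, port: int, timeout: float = 2.0) -> ProbeResult:
    """Probe one port with connect() and map the kernel's verdict to a state."""
    start = time.monotonic()
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        state = "open"                      # handshake completed
    except socket.timeout:
        state = "filtered"                  # silence: packet was dropped
    except OSError as e:
        if e.errno == errno.ECONNREFUSED:
            state = "closed"                # peer (or 'reset' rule) sent RST
        elif e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            state = "filtered"              # ICMP unreachable came back
        else:
            raise
    finally:
        s.close()
    return ProbeResult(port, state, time.monotonic() - start)


def scan(host: str, ports, timeout: float = 2.0) -> list:
    """Probe several ports in turn; the sum of .elapsed is the scan's wall time."""
    return [probe_tcp(host, p, timeout) for p in ports]


def demo_loopback(timeout: float = 2.0) -> dict:
    """
    Constructed demo: listen on an ephemeral loopback port and probe it
    (expect "open"), then close the listener and probe the same port again
    (expect "closed", answered immediately by a RST from the local stack).
    """
    ln = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    ln.bind(("127.0.0.1", 0))       # 0 = let the kernel pick a free port
    ln.listen(5)
    port = ln.getsockname()[1]
    try:
        while_open = probe_tcp("127.0.0.1", port, timeout)
    finally:
        ln.close()
    after_close = probe_tcp("127.0.0.1", port, timeout)
    return {"port": port, "open": while_open, "closed": after_close}


if __name__ == "__main__":
    r = demo_loopback()
    for label in ("open", "closed"):
        pr = r[label]
        print(f"{pr.port}/tcp {pr.state:<9} ({pr.elapsed * 1000:.2f} ms)")
```

Both loopback probes return in well under a millisecond because the stack answers at once; a port behind an ipfw `deny` rule would instead hit the `socket.timeout` branch and cost the full `timeout` (and nmap retransmits before giving up, so the real delay is larger). That is the behaviour the original poster wanted and already had. If the goal were the opposite, making a blocked port look merely "closed" so scans finish quickly, ipfw(8)'s `reset` action (send a TCP RST) or `unreach port` (send an ICMP port unreachable) would be the rules to use instead of `deny`.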
