From owner-freebsd-questions Mon Jul 2 2: 2:16 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mail.arc.net.my (nagano.arc.net.my [203.115.225.22]) by hub.freebsd.org (Postfix) with ESMTP id D32A037B403 for ; Mon, 2 Jul 2001 02:02:11 -0700 (PDT) (envelope-from llchan@eweb-asia.com) Received: from llchan ([202.75.144.37]) by mail.arc.net.my (Netscape Messaging Server 4.15) with SMTP id GFU93J00.C1E; Mon, 2 Jul 2001 17:02:07 +0800 Message-ID: <00ba01c102d4$b2ebba80$25904bca@ewebasia.com> From: "Ling Ling" To: "Kelvin Ng Chee Hoong" Cc: References: <3B4037F4.7A6EB55D@pacific.net.sg> Subject: Re: Port scanning Date: Mon, 2 Jul 2001 16:55:06 +0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Kelvin, Did you turn on the following parameters in /etc/rc.conf or /etc/defaults/rc.conf? # For the following two options, you need to have TCP_DROP_SYNFIN and # TCP_RESTRICT_RST set in your kernel. Please refer to LINT for details. tcp_drop_synfin="YES" # Set to YES to drop TCP packets with SYN+FIN # NOTE: this violates the TCP specification tcp_restrict_rst="YES" # Set to YES to restrict emission of RST Check on a website http://www.freebsd-howto.com for further details . Regards, Ling Ling ----- Original Message ----- From: "Kelvin Ng Chee Hoong" To: Sent: Monday, July 02, 2001 4:59 PM Subject: Port scanning > Hi ; > I've enabled TCP_DROP_SYNFIN and TCP_RESTRICT_RST options to against > nmap and port scanning. To run the test , I ran nmap from another Linux > machine . Although these two options have enabled , nmap still able > scan through and list the state of services are running. > Question : > (1) How do I configure FBSD to against port scanning ? > (2) Where log file is stored to capture the event of port scanning ? > (3) How do I configure FBSD to send email alert or SMS once encountered > port scanning action take place ? > Please advise . > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message