Date: 02 Jul 2001 10:03:37 +0100 From: Wayne Pascoe <wayne.pascoe@realtime.co.uk> To: freebsd-questions@freebsd.org Subject: Re: Port scanning Message-ID: <86ae2nog7q.fsf@pan.ehsrealtime.com>
next in thread | raw e-mail | index | archive | help
Kelvin Ng Chee Hoong <nchee_hoong@pacific.net.sg> writes: > Hi ; > I've enabled TCP_DROP_SYNFIN and TCP_RESTRICT_RST options to against > nmap and port scanning. To run the test , I ran nmap from another Linux > machine . Although these two options have enabled , nmap still able > scan through and list the state of services are running. > Question : > (1) How do I configure FBSD to against port scanning ? > (2) Where log file is stored to capture the event of port scanning ? > (3) How do I configure FBSD to send email alert or SMS once encountered > port scanning action take place ? > Please advise . I would advise that you run either an ipfw or an ipf firewall to restrict services to your machine. Run a DENY by default type setup, where you just bin packets without sending a return. I don't know how to do this in ipfw but in ipf the lines look something like block in log on fxp0 from any to any Then in /etc/syslog.conf add the following (ipf again) !ipmon *.* /var/log/ipf.log This will cause all blocked packets to be logged in /var/log/ipf.log HTH, -- - Wayne Pascoe E-mail: wayne.pascoe@realtime.co.uk Phone : +44 (0) 20 7544 4668 Mobile: +44 (0) 788 431 1675 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86ae2nog7q.fsf>