From owner-freebsd-questions  Sun Sep 12  8:34:29 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from ns.mt.sri.com (ns.mt.sri.com [206.127.79.91])
	by hub.freebsd.org (Postfix) with ESMTP
	id B8E3214F49; Sun, 12 Sep 1999 08:34:19 -0700 (PDT)
	(envelope-from nate@mt.sri.com)
Received: from mt.sri.com (rocky.mt.sri.com [206.127.76.100])
	by ns.mt.sri.com (8.9.3/8.9.3) with SMTP id JAA21204;
	Sun, 12 Sep 1999 09:34:09 -0600 (MDT)
	(envelope-from nate@rocky.mt.sri.com)
Received: by mt.sri.com (SMI-8.6/SMI-SVR4)
	id JAA18584; Sun, 12 Sep 1999 09:34:08 -0600
Date: Sun, 12 Sep 1999 09:34:08 -0600
Message-Id: <199909121534.JAA18584@mt.sri.com>
From: Nate Williams <nate@mt.sri.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc: Ben Smithurst <ben@scientia.demon.co.uk>,
	"Jeremy L. Ramirez" <jramirez@digicomsystems.net>,
	dev-null@ns1.digicomsystems.net, freebsd-questions@FreeBSD.ORG,
	freebsd-security@FreeBSD.ORG
Subject: Re: How to prevent motd including os info
In-Reply-To: <xzpn1usmka2.fsf@flood.ping.uio.no>
References: <4.2.0.58.19990911151659.00aa8d60@ns1.digicomsystems.net>
	<19990912012524.B41509@lithium.scientia.demon.co.uk>
	<xzpn1usmka2.fsf@flood.ping.uio.no>
X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid
Reply-To: nate@mt.sri.com (Nate Williams)
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> > An even better way is to disable telnet completely, and use ssh like you
> > should. Note that people can still use nmap or something to guess at
> > your OS.
> 
> # ipfw add 1 deny tcp from any to any in tcpflags syn,fin
> 
> No they can't.

Except if you do this the box is unable to provide *ANY* external
sevices, including email and/or DNS service. :(



Nate


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message