From owner-freebsd-questions@FreeBSD.ORG  Wed Sep  7 15:25:36 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: questions@freebsd.org
Delivered-To: freebsd-questions@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1931416A41F
	for <questions@freebsd.org>; Wed,  7 Sep 2005 15:25:36 +0000 (GMT)
	(envelope-from sequethin@gmail.com)
Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.195])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A44E843D46
	for <questions@freebsd.org>; Wed,  7 Sep 2005 15:25:35 +0000 (GMT)
	(envelope-from sequethin@gmail.com)
Received: by wproxy.gmail.com with SMTP id 50so842149wri
	for <questions@freebsd.org>; Wed, 07 Sep 2005 08:25:35 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
	b=RUxDvvJiwq+e1HeXryekgl29YjpDqKm4vq7eOnEpFsv5Piq2Ps+3YR47dKcITfr256Niz4ztYtF7wMrbdJfPNIG4vGTBv5D0SUSNg2wW9mkp2whERJnG0zbHlEZD+ovxGcF7aHIlT3tU+FG+XwGiaHBxfwYKzue5cnvpG3LBo8Y=
Received: by 10.54.102.5 with SMTP id z5mr4412488wrb;
	Wed, 07 Sep 2005 08:25:35 -0700 (PDT)
Received: by 10.54.68.20 with HTTP; Wed, 7 Sep 2005 08:25:34 -0700 (PDT)
Message-ID: <3060c23905090708254357d697@mail.gmail.com>
Date: Wed, 7 Sep 2005 11:25:35 -0400
From: Mike Hernandez <sequethin@gmail.com>
To: questions@freebsd.org
In-Reply-To: <431f04f6.22c.572a.3251@canada.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <431f04f6.22c.572a.3251@canada.com>
Cc: 
Subject: Re: port scanning and hidden servers
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: sequethin@gmail.com
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Sep 2005 15:25:36 -0000

If you ask him not to do so, then you know who he is, correct? The
best way to prevent him from continuing is to deny him access to the
network.  AFAIK there is no way to block a scan, though you could
close ports and otherwise secure your systems so that the scans won't
produce any helpful information?  Hiding a server wont help much, nmap
can scan blocks of IP's.  If the servers aren't on the same network as
your users they can't be scanned easily, but that might complicate
your setup.

IMHO, revoke the user's permission to access the network, or bring up
the issue with someone who has the authority to do so.

Mike