Date: Fri, 01 Dec 2006 18:48:28 -0800
From: Garrett Cooper <youshi10@u.washington.edu>
To: freebsd-questions@freebsd.org
Subject: Re: stop a freebsd server from responding to pinging?
Message-ID: <4570E97C.3030402@u.washington.edu>
In-Reply-To: <200612011421.28431.josh@tcbug.org>
References: <365084.23607.qm@web37213.mail.mud.yahoo.com> <CD86A958-48D7-4C00-83FD-3242B75661C7@mac.com> <200612011421.28431.josh@tcbug.org>

Josh Paetzel wrote:
> On Thursday 30 November 2006 13:10, Chuck Swiger wrote:
>> On Nov 30, 2006, at 10:55 AM, Wasp King wrote:
>>> 1. How do I stop others from port scanning a server?
>> Marcus Ranum suggests using wirecutters on the ethernet cable.
>> If the server is internet-reachable, then it can be port-scanned.
>>
>> Less drastic measures than removing it from the network entirely
>> would include configuring a firewall to block all ports except
>> those absolutely required for the necessary functions which the
>> machine needs to perform, and "hardening" the OS to reduce the
>> potential exposure.
>>
>>> 2. is stopping the response to pinging enough?
>> No.
>>
>>> 3. how do I stop the server from responding to pinging?
>> Use a firewall like ipfw or ipf to block ICMP traffic types 0 & 8:
>>
>> ipfw add 1 deny icmp from any to any icmptype 0,8
>
> I find it a tad ironic that someone running FBSD 4.2 is worried about
> getting port scanned.....or maybe that's why he is worried, since the
> laundry list of exploits and holes against a box running something
> that old and unsupported is fearsome.
>

It does make his machine a bit more obscure and harder to find, but
that's nothing a little nmap / snort / tcpdump doesn't cure by making
your traffic or ports in use visible. Plus, if someone knows you exist,
preventing ICMP ping to your host won't prevent much of anything.

-Garrett
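
The "block all ports except those absolutely required" approach from the thread, written out as an added example (not part of any poster's message): a small sh generator for a default-deny ipfw ruleset that drops inbound echo requests while keeping echo replies and ICMP error types 3 and 11, unlike the one-line rule quoted above, which drops types 0 and 8 in both directions. The rule numbers, the port list and the `build_ruleset` name are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: default-deny ipfw ruleset generator.
# Assumptions: rule numbers and the port list are illustrative only.
# Dry run by default (prints the commands); as root, IPFW="ipfw -q" applies them.
IPFW="${IPFW:-echo ipfw}"

build_ruleset() {
    # Arguments: inbound TCP ports the server must offer, e.g. 22 80.
    # Validate every port before emitting anything, so a typo never
    # leaves a half-built ruleset behind.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if ! { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; }; then
            echo "port out of range: $port" >&2; return 1
        fi
    done

    $IPFW add 100 allow ip from any to any via lo0
    # ICMP: the host may send; inbound is limited to echo reply (0),
    # destination unreachable (3, needed for path MTU discovery) and
    # time exceeded (11). Everything else, including inbound echo
    # request (8), is dropped, so the host no longer answers ping.
    $IPFW add 200 allow icmp from me to any out
    $IPFW add 210 allow icmp from any to me in icmptypes 0,3,11
    $IPFW add 220 deny icmp from any to any
    $IPFW add 300 check-state
    n=1000
    for port in "$@"; do
        # Only new connections to the listed services create state.
        $IPFW add "$n" allow tcp from any to me "$port" in setup keep-state
        n=$((n + 10))
    done
    $IPFW add 60000 allow ip from me to any out keep-state
    $IPFW add 65000 deny ip from any to any
}

# Run directly with the ports to expose, e.g.: ./ruleset.sh 22 80
if [ "$#" -gt 0 ]; then build_ruleset "$@"; fi
```

The allowed TCP ports still answer a scan, which is the point made in the reply above: dropping ping reduces noise but does not hide a reachable service.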