Date: Fri, 16 Sep 2005 09:59:55 -0500
From: "Boris Karloff" <modelt20@canada.com>
To: freebsd-questions@freebsd.org
Subject: Re: ct Re: NMAP probing of network ports
Message-ID: <432addeb.e9.3d26.10012@canada.com>
Thank you for your reply.

Nmap is generating many tcp commands:

arp who-has 192.168.0.x tell 192.168.0.5

where x is an incremented number from 0 through 255.

The 192.168.0.5 address changes from scan to scan, so blocking the port 192.168.0.5 doesn't work. This behavior is similar to the W32.Welchia.Worm that plagues windoze boxes.

Any thoughts on how to stop replying to this command?

Thanks.

Harold.

>On Fri, Sep 16, 2005 at 07:36:36AM -0500, Boris Karloff wrote:
>> It appears that when FreeBSD is sent an invalid packet
>> without the SYN or ACK bits set, it responds with a RESET
>> reply regardless of the ipfw rules. It appears this is one
>> of the things nmap is exploiting.
>>
>> Any suggestions on how to modify this behavior?
>
>man blackhole
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?432addeb.e9.3d26.10012>
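
Added example, not part of the original message: a small detector that reads capture lines of the form quoted above ("arp who-has 192.168.0.x tell 192.168.0.5") and reports which sender is sweeping the subnet, so the scanning host can be identified even though it changes from scan to scan. The timestamp prefix, the thresholds and the sample capture are constructed assumptions.

```python
import re
from collections import defaultdict

# Timestamp (assumed HH:MM:SS[.frac] prefix), then the request form from the message:
# "arp who-has <target> tell <sender>"
ARP_RE = re.compile(r"(\d{2}:\d{2}:\d{2}(?:\.\d+)?)\s.*?arp who-has "
                    r"(\d+\.\d+\.\d+\.\d+) tell (\d+\.\d+\.\d+\.\d+)", re.I)

def parse_seconds(stamp):
    """Convert an HH:MM:SS[.frac] capture timestamp to seconds since midnight."""
    h, m, s = stamp.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def find_arp_sweeps(lines, min_targets=20, window=10.0):
    """Return {sender: distinct_targets} for senders that asked for at least
    min_targets different addresses inside any window-second span."""
    by_sender = defaultdict(list)
    for line in lines:
        m = ARP_RE.match(line)
        if m:  # lines that are not timestamped ARP requests are skipped
            by_sender[m.group(3)].append((parse_seconds(m.group(1)), m.group(2)))
    sweeps = {}
    for sender, events in by_sender.items():
        events.sort()
        start, best = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({target for _, target in events[start:end + 1]}))
        if best >= min_targets:
            sweeps[sender] = best
    return sweeps

def sample_capture():
    """Constructed sample: one host sweeping .0 through .255, one ordinary host."""
    lines = ["09:59:%02d.%03d arp who-has 192.168.0.%d tell 192.168.0.5"
             % (x // 100, (x % 100) * 10, x) for x in range(256)]
    lines += ["09:59:01.000 arp who-has 192.168.0.1 tell 192.168.0.20",
              "09:59:31.000 arp who-has 192.168.0.1 tell 192.168.0.20"]
    return lines

if __name__ == "__main__":
    for sender, count in find_arp_sweeps(sample_capture()).items():
        print("%s requested %d distinct addresses" % (sender, count))
```

The ordinary host in the sample repeats a single lookup and is not reported; only the sender that walks the whole address range is.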