Re: stop a freebsd server from responding to pinging?
- From: Lane <lane@xxxxxxxxxxxxxx>
- Date: Thu, 30 Nov 2006 13:24:24 -0600
On Thursday 30 November 2006 12:55, Wasp King wrote:
> 1. How do I stop others from port scanning a server?
> 2. is stopping the response to pinging enough?
> 3. how do I stop the server from responding to
> pinging?
> Running FreeBSD 4.2 and 6.1.
> I changed the /etc/rc.network file to "NO" for
> broadcast ping responses, and this did not work (still
> responding to ping) when I rebooted:
> case ${icmp_bmcastecho} in
> [Yy][Ee][Ss])
> echo -n ' broadcast ping responses=NO'
> sysctl net.inet.icmp.bmcastecho=1 >/dev/null
Wasp,
Check out /usr/ports/security/portsentry to reject portscan attempts. By
default it uses /etc/hosts.deny, which is deprecated. But you can configure
it to run a command ("KILL_ROUTE" in portsentry.conf) to do just about
anything you want.
My KILL_ROUTE command is a perl script that sends syslog entries
to /var/log/auth.log, which are intercepted by /usr/ports/security/s*** to
only temporarily block an offending ip using ipfw. It also sends an email
notification at the time of the attempt, so I can be sure to keep an eye on
the trouble-maker.
BTW: I think to completely block ping/traceroute you would add an ipfw rule
like:
    ipfw add drop icmp from any to any in via $external_nic
But that may introduce complications I'm unaware of ...
lane
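
An added example, not part of Lane's message or the original thread: a shell function that prints ipfw rules dropping inbound echo requests while still accepting the ICMP error types that path MTU discovery relies on, which is the usual complication with dropping all ICMP. The function name, rule numbers and interface names are assumptions; the icmptypes option is standard ipfw.

```sh
#!/bin/sh
# Added example: build an ipfw rule set that stops the host answering ping
# without discarding every ICMP message. Note that the sysctl
# net.inet.icmp.bmcastecho only governs broadcast/multicast echo requests,
# so it has no effect on ordinary unicast ping.

# Print the rules for one interface. Nothing is applied to the firewall here.
# $1 = interface name, $2 = first rule number (assumed default: 1000)
icmp_rules() {
    nic=$1
    base=${2:-1000}

    # The values end up in a root command line, so accept only plain
    # interface names (em0, fxp1, ...) and numeric rule numbers.
    case $nic in
        ''|*[!A-Za-z0-9_]*) echo "invalid interface: $nic" >&2; return 1 ;;
    esac
    case $base in
        ''|*[!0-9]*) echo "invalid rule number: $base" >&2; return 1 ;;
    esac

    # Type 3  = destination unreachable (includes "fragmentation needed",
    #           which path MTU discovery depends on)
    # Type 11 = time exceeded, type 12 = parameter problem
    echo "ipfw add $base allow icmp from any to any in via $nic icmptypes 3,11,12"
    # Type 0 = echo reply, so pings sent FROM this host still get answers
    echo "ipfw add $((base + 10)) allow icmp from any to any in via $nic icmptypes 0"
    # Type 8 = echo request, the inbound ping itself
    echo "ipfw add $((base + 20)) deny icmp from any to any in via $nic icmptypes 8"
    # Catch-all for any other ICMP arriving on this interface
    echo "ipfw add $((base + 30)) deny icmp from any to any in via $nic"
}

# Stand-alone use: print the rules for the interface given on the command line.
# Review the output, then load it as root with:  sh thisfile em0 | sh
if [ $# -gt 0 ]; then
    icmp_rules "$@"
fi
```
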