port scanning and hidden servers

Bart Silverstrim bsilver at chrononomicon.com
Wed Sep 7 08:38:32 PDT 2005


On Sep 7, 2005, at 11:30 AM, Denny Jodeit wrote:

>
>
>>
>> Hello:
>>
>> I have a user on my network with a Linux box that is
>> performing a port scan on all the computers in my network
>> manually. He's doing this 'because he can'. Although I've
>> asked him not to, he continues to do so.
>>
>> 1) How can I block or inhibit port scans launched against my
>> freeBSD servers from within my network?
>>
>> 2) How can I 'hide' my freeBSD servers from users on the
>> network? (If they can't see them, then they don't know to
>> scan them.)
>>
>> Thanks in advance.
>>
>> Harold
>
>
> Try portsentry in conjunction with logcheck, both are in the ports.

Hmm...

You could use the software firewall for all requests from his IP.

Or disconnect his network cable.

Or set up all the other machines on the network to periodically ping 
flood his computer to slow it down to a crawwwwwl.

Set up the dsniff tools and redirect his traffic through another 
machine to monitor what is going on with that machine periodically, or 
set up a proxy web filter on a machine and redirect traffic from his 
computer to go through it and filter anything and everything not 
related to work.

Set up another machine so it once in awhile takes his IP for a few 
minutes to knock him off the network.

just some ideas for practical or entertainment value.



More information about the freebsd-questions mailing list