Re: NMAP probing of network ports
Chuck Swiger
cswiger at mac.com
Fri Sep 16 08:51:17 PDT 2005
Boris Karloff wrote:
> Thank you for your reply.
>
> Nmap is generating many tcp commands:
>
> arp who-has 192.168.0.x tell 192.168.0.5
>
> where x is an incremented number from 0 through 255. The
> 192.168.0.5 address changes from scan to scan, so blocking
> the port 192.168.0.5 doesn't work.

That's not a TCP command, that's layer-2 ARP traffic, used to map ethernet MAC
addresses to IP addresses. Unless you're being scanned from different machines
on your LAN, or unless you are scanning from different machines on your LAN,
such traffic will only come from the IP of the subnet's router.

While you could configure /etc/ethers and disable ARP, frankly, I suspect you
are not solving the problem you think you'd be solving.

--
-Chuck
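
The ARP sweep discussed in this message can be attributed to a host on the LAN by grouping tcpdump's `who-has ... tell ...` lines by the `tell` address. The following is an added example, not part of the original message; the sample lines are constructed and the threshold of 32 distinct targets is an assumption.

```python
import re
from collections import defaultdict

# Matches both the older "arp who-has A tell B" and the newer
# "ARP, Request who-has A tell B, length 28" tcpdump output.
ARP_REQ = re.compile(
    r"who-has\s+(\d+(?:\.\d+){3}).*?tell\s+(\d+(?:\.\d+){3})", re.I
)

def arp_requesters(lines):
    """Map each requesting IP (the 'tell' field) to the set of IPs it asked for."""
    targets = defaultdict(set)
    for line in lines:
        m = ARP_REQ.search(line)
        if m:  # non-ARP lines (TCP, UDP, ...) never contain "who-has"
            targets[m.group(2)].add(m.group(1))
    return targets

def sweep_sources(lines, threshold=32):
    """Requesters that ARPed for at least `threshold` distinct addresses.

    The threshold is an assumed value; a router or busy server resolves
    a handful of neighbours, a subnet sweep resolves most of the /24.
    """
    return {
        src: len(seen)
        for src, seen in arp_requesters(lines).items()
        if len(seen) >= threshold
    }

def sample_lines():
    """Constructed tcpdump-style lines: one sweep plus ordinary traffic."""
    lines = [f"arp who-has 192.168.0.{x} tell 192.168.0.5" for x in range(256)]
    lines += [
        "arp who-has 192.168.0.20 tell 192.168.0.1",
        "ARP, Request who-has 192.168.0.21 tell 192.168.0.1, length 28",
        "IP 192.168.0.20.51234 > 192.168.0.1.80: Flags [S], seq 1, length 0",
    ]
    return lines

if __name__ == "__main__":
    for src, count in sweep_sources(sample_lines()).items():
        print(f"{src} sent ARP requests for {count} distinct addresses")
```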