Re: NMAP probing of network ports

Chuck Swiger cswiger at mac.com
Fri Sep 16 08:51:17 PDT 2005


Boris Karloff wrote:
> Thank you for your reply.
> 
> Nmap is generating many tcp commands:
> 
> arp who-has 192.168.0.x tell 192.168.0.5 
> 
> where x is an incremented number from 0 through 255. The
> 192.168.0.5 address changes from scan to scan, so blocking
> the port 192.168.0.5 doesn't work. 

That's not a TCP command, that's layer-2 ARP traffic, used to map Ethernet MAC
addresses to IP addresses.  Unless you're being scanned from different machines 
on your LAN, or unless you are scanning from different machines on your LAN, 
such traffic will only come from the IP of the subnet's router.

While you could configure /etc/ethers and disable ARP, frankly, I suspect you 
are not solving the problem you think you'd be solving.

-- 
-Chuck
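
An added example, not part of the original message: a short Python script that reads tcpdump text lines in the form quoted above and reports which requester ("tell") address is asking for many distinct addresses, which is how a sweep of the subnet shows up at layer 2. The function names, the threshold of 10 and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches the request form quoted in the thread:
#   arp who-has 192.168.0.7 tell 192.168.0.5
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
ARP_REQUEST = re.compile(rf"who-has {IP} tell {IP}", re.IGNORECASE)


def arp_sweepers(lines, threshold=10):
    """Map each requester IP to its count of distinct targets, keeping only
    requesters that asked for at least `threshold` different addresses."""
    targets = defaultdict(set)
    for line in lines:
        match = ARP_REQUEST.search(line)
        if match:  # replies ("is-at") and non-ARP lines are skipped
            target, requester = match.groups()
            targets[requester].add(target)
    return {ip: len(seen) for ip, seen in targets.items() if len(seen) >= threshold}


def constructed_capture():
    """Constructed sample lines (not a real capture): one host walking the
    whole /24, plus ordinary router lookups and a reply."""
    lines = [f"arp who-has 192.168.0.{x} tell 192.168.0.5" for x in range(256)]
    lines += [
        "arp who-has 192.168.0.20 tell 192.168.0.1",
        "arp who-has 192.168.0.21 tell 192.168.0.1",
        "arp who-has 192.168.0.20 tell 192.168.0.1",
        "arp reply 192.168.0.20 is-at 00:11:22:33:44:55",
    ]
    return lines


if __name__ == "__main__":
    for ip, count in arp_sweepers(constructed_capture()).items():
        print(f"{ip} requested {count} distinct addresses")
```

Repeated lookups of the same address count once, so a router that keeps re-resolving a few hosts stays below the threshold.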


