stop a freebsd server from responding to pinging?
josh at tcbug.org
Fri Dec 1 12:22:34 PST 2006
On Thursday 30 November 2006 13:10, Chuck Swiger wrote:
> On Nov 30, 2006, at 10:55 AM, Wasp King wrote:
> > 1. How do I stop others from port scanning a server?
> Marcus Ranum suggests using wirecutters on the ethernet cable.
> If the server is internet-reachable, then it can be port-scanned.
> Less drastic measures than removing it from the network entirely
> would including configuring a firewall to block all ports except
> those absolutely required for the necessary functions which the
> machine needs to perform, and "hardening" the OS to reduce the
> potential exposure.
> > 2. is stopping the response to pinging enough?
> > 3. how to do I stop the server from responding to pinging?
> Use a firewall like ipfw or ipf to block ICMP traffic types 0 & 8:
> ipfw add 1 deny icmp from any to any icmptype 0,8
I find it a tad ironic that someone running FBSD 4.2 is worried about
getting port scanned.....or maybe that's why he is worried, since the
laundry list of exploits and holes against a box running something
that old and unsupported is fearsome.
More information about the freebsd-questions