stop a freebsd server from responding to pinging?

Josh Paetzel josh at tcbug.org
Fri Dec 1 12:22:34 PST 2006


On Thursday 30 November 2006 13:10, Chuck Swiger wrote:
> On Nov 30, 2006, at 10:55 AM, Wasp King wrote:
> > 1. How do I stop others from port scanning a server?
>
> Marcus Ranum suggests using wirecutters on the ethernet cable.
> If the server is internet-reachable, then it can be port-scanned.
>
> Less drastic measures than removing it from the network entirely
> would including configuring a firewall to block all ports except
> those absolutely required for the necessary functions which the
> machine needs to perform, and "hardening" the OS to reduce the
> potential exposure.
>
> > 2. is stopping the response to pinging enough?
>
> No.
>
> > 3. how to do I stop the server from responding to pinging?
>
> Use a firewall like ipfw or ipf to block ICMP traffic types 0 & 8:
>
> 	ipfw add 1 deny icmp from any to any icmptype 0,8

I find it a tad ironic that someone running FBSD 4.2 is worried about 
getting port scanned.....or maybe that's why he is worried, since the 
laundry list of exploits and holes against a box running something 
that old and unsupported is fearsome.

-- 
Thanks,

Josh Paetzel


More information about the freebsd-questions mailing list