stop a freebsd server from responding to pinging?

Garrett Cooper youshi10 at u.washington.edu
Fri Dec 1 18:48:30 PST 2006


Josh Paetzel wrote:
> On Thursday 30 November 2006 13:10, Chuck Swiger wrote:
>> On Nov 30, 2006, at 10:55 AM, Wasp King wrote:
>>> 1. How do I stop others from port scanning a server?
>> Marcus Ranum suggests using wirecutters on the ethernet cable.
>> If the server is internet-reachable, then it can be port-scanned.
>>
>> Less drastic measures than removing it from the network entirely
>> would include configuring a firewall to block all ports except
>> those absolutely required for the necessary functions which the
>> machine needs to perform, and "hardening" the OS to reduce the
>> potential exposure.
>>
>>> 2. Is stopping the response to pinging enough?
>> No.
>>
>>> 3. How do I stop the server from responding to pinging?
>> Use a firewall like ipfw or ipf to block ICMP traffic types 0 & 8:
>>
>> 	ipfw add 1 deny icmp from any to any icmptype 0,8
> 
> I find it a tad ironic that someone running FBSD 4.2 is worried about 
> getting port scanned.....or maybe that's why he is worried, since the 
> laundry list of exploits and holes against a box running something 
> that old and unsupported is fearsome.
> 

It does make his machine a bit more obscure and harder to find, but 
that's nothing a little nmap / snort / tcpdump doesn't cure by making 
your traffic or ports in use visible. Plus, if someone knows you exist, 
preventing ICMP ping to your host won't prevent much of anything.
-Garrett
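
An added example, not part of the original thread: the echo-blocking rule quoted above placed inside the "block all ports except those absolutely required" ruleset that the thread recommends, since dropping ping alone leaves every listening port visible to a scan. It assumes the ipfw syntax of a current FreeBSD release; the `build_rules` helper, the rule numbers and the port list `22 80` are illustrative assumptions, and the script only prints the commands for review instead of applying them.

```shell
#!/bin/sh
# Added example: print (do not apply) a default-deny ipfw ruleset.
# Assumptions: current FreeBSD ipfw syntax; ports and rule numbers are illustrative.

build_rules() {
    # $1: space-separated TCP ports the host must serve, e.g. "22 80"
    allowed_tcp=$1
    n=100
    # Print one numbered ipfw command and advance the rule number.
    emit() { echo "ipfw -q add $n $*"; n=$((n + 100)); }

    emit allow ip from any to any via lo0        # loopback traffic is always needed
    emit check-state                             # replies to connections we opened
    # The rule from the thread: drop echo reply (0) and echo request (8).
    emit deny icmp from any to any icmptypes 0,8
    # Keep destination-unreachable (3, includes "fragmentation needed") and
    # time-exceeded (11), which path MTU discovery and traceroute rely on.
    emit allow icmp from any to any in icmptypes 3,11
    # Only the services this machine exists to provide.
    for p in $allowed_tcp; do
        emit allow tcp from any to me dst-port "$p" in setup keep-state
    done
    emit allow ip from me to any out keep-state  # outbound traffic, tracked statefully
    emit deny log ip from any to any             # everything else is dropped and logged
}

# Review the output before feeding it to a shell on the firewall host.
build_rules "${ALLOWED_TCP:-22 80}"
```

With this ruleset a scan still finds the ports listed in `ALLOWED_TCP`, so the services behind them have to be kept patched.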

