stop a freebsd server from responding to pinging?
Chuck Swiger
cswiger at mac.com
Thu Nov 30 11:11:07 PST 2006
On Nov 30, 2006, at 10:55 AM, Wasp King wrote:
> 1. How do I stop others from port scanning a server?
Marcus Ranum suggests using wirecutters on the ethernet cable.
If the server is internet-reachable, then it can be port-scanned.
Less drastic measures than removing it from the network entirely
would including configuring a firewall to block all ports except
those absolutely required for the necessary functions which the
machine needs to perform, and "hardening" the OS to reduce the
potential exposure.
> 2. is stopping the response to pinging enough?
No.
> 3. how to do I stop the server from responding to pinging?
Use a firewall like ipfw or ipf to block ICMP traffic types 0 & 8:
ipfw add 1 deny icmp from any to any icmptype 0,8
--
-Chuck
More information about the freebsd-questions
mailing list