Boris Karloff wrote:
> I have a user on my network with a Linux box that is
> performing a port scan on all the computers in my network
> manually. He's doing this 'because he can'. Although I've
> asked him not to, he continues to do so.
> 1) How can I block or inhibit port scans launched against my
> FreeBSD servers from within my network?
> 2) How can I 'hide' my FreeBSD servers from users on the
> network? (If they can't see them, then they don't know to
> scan them.)

1st: You can't really block a port scan; you can block your ports for
incoming connections so you will appear to be offline. You can also
configure your host to send particular types of ICMP responses.
2nd: Ok, so he sends some packets, but does this saturate the connection
or in other ways interrupt service? Likely not, but if it does it should
be against the "acceptable use policy" for the network, and complaining
to the right person should cause his wires to be cut (if it's wired) or
that he be blocked in the AP. If it's _your_ network then you can make
it against the AUP and cut him off.
3rd: If you want to have some fun - ok, I don't know how legal this is -
then you poison his ARP cache, effectively taking him off the network
until it clears up.
This may? be done with arp-sk, or other tools are available.
Cheers, Erik
--
Ph: +34.666334818 web: www.locolomo.org
S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt
Subject ID: 9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72
Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9
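
One way to do the port blocking and ICMP control described in the first point of the reply, as an added pf.conf example that is not part of the original message. The choice of pf, the interface name, the addresses and the port lists are all assumptions.

```conf
# /etc/pf.conf (added example; every name and address below is an assumption)

ext_if    = "em0"               # assumed name of the server's LAN interface
admin_net = "{ 192.0.2.10 }"    # constructed address of the admin workstation
admin_tcp = "{ 22 }"            # services only admins may reach
public_tcp = "{ 80 443 }"       # services every LAN user may reach

# Discard blocked packets silently. With "drop" the host sends neither a
# TCP RST nor an ICMP unreachable, so a scanner sees timeouts on every
# filtered port and cannot tell closed ports from firewalled ones.
set block-policy drop
set skip on lo0

# Default deny for everything arriving on the LAN interface; "log" writes
# the dropped probes to pflog0 so the scanning host can be identified.
block in log on $ext_if all

# Alternative to the silent drop for UDP: answer with one chosen ICMP
# type instead (uncomment to use).
# block return-icmp(port-unr) in log on $ext_if proto udp all

# Outbound traffic from the server itself, tracked statefully.
pass out on $ext_if all keep state

# Only the listed services are reachable, and admin services only from
# the admin workstation.
pass in on $ext_if proto tcp from $admin_net to ($ext_if) port $admin_tcp
pass in on $ext_if proto tcp from any to ($ext_if) port $public_tcp

# Echo requests (ping) are answered for the admin workstation only;
# everyone else gets no reply and the host looks offline to a ping sweep.
pass in on $ext_if inet proto icmp from $admin_net icmp-type echoreq
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`. The server still answers ARP on its own segment, so this hides its ports and ping replies but not its presence on the local network.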