Boris Karloff wrote:
> Thank you for your reply.
>
> Nmap is generating many tcp commands:
>
> arp who-has 192.168.0.x tell 192.168.0.5
> where x is an incremented number from 0 through 255. The
> 192.168.0.5 address changes from scan to scan, so blocking
> the port 192.168.0.5 doesn't work.

That's not a TCP command, that's layer-2 ARP traffic, used to map Ethernet MAC addresses to IP addresses. Unless you're being scanned from different machines on your LAN, or unless you are scanning from different machines on your LAN, such traffic will only come from the IP of the subnet's router.

While you could configure /etc/ethers and disable ARP, frankly, I suspect you are not solving the problem you think you'd be solving.

--
-Chuck
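
An added example, not part of the original messages: a small Python filter that separates ARP who-has requests from TCP lines in tcpdump-style text and reports any sender that asks for many distinct addresses, whatever its own address is in a given scan. The function name, the threshold of 32 and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Matches both the older "arp who-has A tell B" text and the newer
# "ARP, Request who-has A tell B, length 28" form printed by tcpdump.
ARP_REQ = re.compile(r"\barp\b.*?\bwho-has\s+" + IPV4 + r"\s+tell\s+" + IPV4,
                     re.IGNORECASE)


def find_arp_sweeps(lines, threshold=32):
    """Return {sender_ip: distinct_target_count} for senders whose ARP
    requests cover at least `threshold` different addresses."""
    targets = defaultdict(set)
    for line in lines:
        m = ARP_REQ.search(line)
        if m is None:
            continue  # TCP and other non-ARP lines are ignored
        target, sender = m.groups()
        targets[sender].add(target)
    return {s: len(t) for s, t in targets.items() if len(t) >= threshold}


# Constructed sample capture: one sweep of 192.168.0.0-255 as quoted above,
# a few ordinary lookups from a router, and one TCP SYN that must not count.
SAMPLE = [f"arp who-has 192.168.0.{x} tell 192.168.0.5" for x in range(256)]
SAMPLE += [
    f"12:00:0{i}.000000 ARP, Request who-has 192.168.0.{h} tell 192.168.0.1, length 28"
    for i, h in enumerate((2, 7, 9))
]
SAMPLE.append(
    "12:00:05.000000 IP 192.168.0.7.51514 > 192.168.0.2.22: "
    "Flags [S], seq 1, win 65535, length 0"
)

if __name__ == "__main__":
    for sender, count in find_arp_sweeps(SAMPLE).items():
        print(f"{sender} sent ARP requests for {count} distinct addresses")
```

Because the grouping key is the "tell" address seen in each capture, a scanner that changes address between scans still shows up as one sender covering the whole subnet.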

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions