Good day! Does anyone know if OpenBSD(7.1) has the capability to be hidden against a pingscan(nmap -sn xxx.xxx.xxx.xxx)? In PF I have only 2 rules to block everything: block in quick all block out quick all
This is a fresh OpenBSD7.1 with no other configuration in place. The only thing set is the default interface vic0 to allow dhcp By running a test with nmap -sn 192.168.121.131 I see this: Starting Nmap 7.92(https://nmap.org)at 2022-06-18 11:52 GTB Daylight Time Nmap scan report for 192.168.121.131 Host is up (0.00s latency). MAC Address: 00:0C:29:C3:D9:A7 (VMware) Nmap done: 1 IP address (1 host up) scanned in 0.46 seconds On scanned host I see this by running tcpdump -i vic0 09:51:40.913770 arp who-has 192.168.121.131 tell 192.168.121.1 09:51:40.913795 arp reply 192.168.121.131 is-at 00:0c:29:c3:d9:a7 I am thinking(please correct me if I am wrong) that not all the traffic passes through pf hence this is why is not blocked. I would appreciate if someone could provide me a technical answer on this, even recommend me a book to read or docs regarding it. Kind regards, Claudiu
