On Thursday 30 November 2006 13:10, Chuck Swiger wrote: > On Nov 30, 2006, at 10:55 AM, Wasp King wrote: > > 1. How do I stop others from port scanning a server? > > Marcus Ranum suggests using wirecutters on the ethernet cable. > If the server is internet-reachable, then it can be port-scanned. > > Less drastic measures than removing it from the network entirely > would including configuring a firewall to block all ports except > those absolutely required for the necessary functions which the > machine needs to perform, and "hardening" the OS to reduce the > potential exposure. > > > 2. is stopping the response to pinging enough? > > No. > > > 3. how to do I stop the server from responding to pinging? > > Use a firewall like ipfw or ipf to block ICMP traffic types 0 & 8: > > ipfw add 1 deny icmp from any to any icmptype 0,8
I find it a tad ironic that someone running FBSD 4.2 is worried about getting port scanned.....or maybe that's why he is worried, since the laundry list of exploits and holes against a box running something that old and unsupported is fearsome. -- Thanks, Josh Paetzel _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"