Re: ct Re: NMAP probing of network ports

2005-09-19 Thread Alex Zbyslaw

Boris Karloff wrote:

> > Chris wrote:
> >
> > > On Fri, 16 Sep 2005, Boris Karloff wrote:
> > >
> > > Ain't you 'sposed to be dead?!
> >
> > That's Bela Lugosi...
>
> Actually, so is Boris ---

Bela Lugosi famously died in the middle of filming Plan 9 from Outer 
Space (http://www.badmovies.org/movies/plannine/) and is eulogised in a 
Bauhaus song Bela Lugosi's Dead 
(http://www.waste.org/bauhaus/l/belalugosisdead.html)


I imagine the original poster was being tongue in cheek, and so was I, 
if, perhaps, rather obscurely.


--Alex

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: ct Re: NMAP probing of network ports

2005-09-18 Thread Boris Karloff
> Chris wrote:
>
> > On Fri, 16 Sep 2005, Boris Karloff wrote:
> >
> > Ain't you 'sposed to be dead?!
>
> That's Bela Lugosi...
>
> --Alex

Actually, so is Boris ---

My e-mail provider is upgrading the mail server, and
apparently someone either mistyped my name when moving my
account, or one of the employees there is making a joke. I
get that a lot.

I'm working with my e-mail provider now trying to get this
fixed. For some reason, they seem to be a little busy at the
moment -- upgrading an e-mail service isn't simple; and this
has a low priority with them.

I'm actually pleased someone noticed. Thanks guys.

Harold Karloff.




Upgrade your account today for increased storage; mail
forwarding or POP enabled e-mail with automatic virus
scanning. Visit
http://www.canada.com/email/premiumservices.html for more
information.


Re: ct Re: NMAP probing of network ports

2005-09-16 Thread Bob Hall
On Fri, Sep 16, 2005 at 07:36:36AM -0500, Boris Karloff wrote:
> It appears that when FreeBSD is sent an invalid packet
> without the SYN or ACK bits set, it responds with a RESET
> reply regardless of the ipfw rules. It appears this is one
> of the things nmap is exploiting.
>
> Any suggestions on how to modify this behavior?

man blackhole


Re: ct Re: NMAP probing of network ports

2005-09-16 Thread Boris Karloff
Thank you for your reply.

As you can see from my first message, blackhole did not
work.

Harold

> On Fri, Sep 16, 2005 at 07:36:36AM -0500, Boris Karloff wrote:
> > It appears that when FreeBSD is sent an invalid packet
> > without the SYN or ACK bits set, it responds with a RESET
> > reply regardless of the ipfw rules. It appears this is one
> > of the things nmap is exploiting.
> >
> > Any suggestions on how to modify this behavior?
>
> man blackhole


Re: ct Re: NMAP probing of network ports

2005-09-16 Thread Boris Karloff
Thank you for your reply.

Nmap is generating many tcp commands:

arp who-has 192.168.0.x tell 192.168.0.5 

where x is an incremented number from 0 through 255. The
192.168.0.5 address changes from scan to scan, so blocking
the port 192.168.0.5 doesn't work. 

This behavior is similar to the W32.Welchia.Worm that
plagues windoze boxes. 

Any thoughts on how to stop replying to this command?

Thanks.
Harold.

> On Fri, Sep 16, 2005 at 07:36:36AM -0500, Boris Karloff wrote:
> > It appears that when FreeBSD is sent an invalid packet
> > without the SYN or ACK bits set, it responds with a RESET
> > reply regardless of the ipfw rules. It appears this is one
> > of the things nmap is exploiting.
> >
> > Any suggestions on how to modify this behavior?
>
> man blackhole




Re: ct Re: NMAP probing of network ports

2005-09-16 Thread Chris

On Fri, 16 Sep 2005, Boris Karloff wrote:

Ain't you 'sposed to be dead?!

Best regards,
Chris

Fact is solidified opinion.


Re: ct Re: NMAP probing of network ports

2005-09-16 Thread Chuck Swiger

Boris Karloff wrote:

> Thank you for your reply.
>
> Nmap is generating many tcp commands:
>
> arp who-has 192.168.0.x tell 192.168.0.5
>
> where x is an incremented number from 0 through 255. The
> 192.168.0.5 address changes from scan to scan, so blocking
> the port 192.168.0.5 doesn't work.


That's not a TCP command, that's layer-2 ARP traffic, used to map ethernet MAC 
addresses to IP addresses.  Unless you're being scanned from different machines 
on your LAN, or unless you are scanning from different machines on your LAN, 
such traffic will only come from the IP of the subnet's router.


While you could configure /etc/ethers and disable ARP, frankly, I suspect you 
are not solving the problem you think you'd be solving.


--
-Chuck
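
An added example, not part of the thread: the reply above identifies the who-has lines as ARP rather than TCP, and ARP is not routed, so whoever sends them sits on the same Ethernet segment. The sketch below pulls the ARP requests out of tcpdump-style text and counts how many distinct addresses each sender asks for; the sample lines, function names and the threshold of 32 are constructed assumptions.

```python
import re
from collections import defaultdict

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Matches both the short form quoted in the thread and newer tcpdump output
# ("ARP, Request who-has A tell B, length 28").
WHO_HAS = re.compile(rf"who-has\s+({IP}).*?\btell\s+({IP})")

# Constructed capture: .5 asks for every address in the /24, the router (.1)
# resolves a single host, and one TCP SYN line is mixed in.
SAMPLE = [f"arp who-has 192.168.0.{x} tell 192.168.0.5" for x in range(256)]
SAMPLE += [
    "ARP, Request who-has 192.168.0.20 tell 192.168.0.1, length 28",
    "IP 192.168.0.5.40000 > 192.168.0.20.22: Flags [S], seq 1, length 0",
]


def arp_requests(lines):
    """Yield (asker, target) for each ARP who-has line; other traffic is skipped."""
    for line in lines:
        match = WHO_HAS.search(line)
        if match:
            yield match.group(2), match.group(1)


def sweepers(lines, threshold=32):
    """Return {asker: distinct targets} for senders asking for >= threshold addresses."""
    targets = defaultdict(set)
    for asker, target in arp_requests(lines):
        targets[asker].add(target)
    return {a: len(t) for a, t in targets.items() if len(t) >= threshold}


if __name__ == "__main__":
    for asker, count in sweepers(SAMPLE).items():
        print(f"{asker}: ARP who-has for {count} distinct addresses (on-link sweep)")
```

A sender that shows up here is a neighbour on the local segment, so the follow-up is to find that machine rather than to add IP or port rules.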



Re: ct Re: NMAP probing of network ports

2005-09-16 Thread Alex Zbyslaw

Chris wrote:

> On Fri, 16 Sep 2005, Boris Karloff wrote:
>
> Ain't you 'sposed to be dead?!

That's Bela Lugosi...

--Alex
