hay! first of all, upgrade to 3.1 (it wes released 4 days ago).
OpenBSD is relatively secure (as i can see it) from remote attacks. they say, they haven't got remote hole for 5 years now (http://www.openbsd.org). it's something. so, you should run "netstat -a" to find all ports that are opened. disable all applications, which are listening on those ports, leave just sshd. it's much more secure than building a strong firewall, but have such crap on machine. when you reach that - just sshd (on port 22) is listening, then you consider about building a firewall. for disable pinging and tracing, just close all ICMP traffic (if you still wanna use those features from machine, pass in icmp-type 3 and 0 and pass out icmp-type 8). try default deny state - that means all incoming traffic should be blocked by default, except explicitly told (port ssh in your case). for run-time building firewall try something like PortSentry (http://www.psionic.com/products/portsentry.html). if you are not the one who will use this computer, try for example HostSentry (http://www.psionic.com/products/hostsentry.html ). it could watch users moves and when he/she do somenthing suspicious it could take actions (send you a mail or smth.). well, about Sentries, there is even LogSentry (http://www.psionic.com/products/logsentry.html ) - and products like it, which can parse your logs and inform you, when strange logs appears. this is not all what you can do for security. you can still use your imagination and try to install RootKit. well this is tricky job, but if you know what you are doing it could be helpfull. -- aleksander žejn, Žejn d.o.o., www.zejn.si ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, May 21, 2002 5:26 AM Subject: improving security on OpenBSD > Dear All, > > I use openBSD 3.0, now I want to set my computer can't be ping or scan from > another computer / network , how can i do this ? > Another my question is about improving security on OpenBSD, i'm already > install patches, closed some ports, how make my OpenBSD more secure, i just > need for ssh server only. > > Thanks for your help. > > regards, > Reva > > -- > GMX - Die Kommunikationsplattform im Internet. > http://www.gmx.net >
