On Tue, 21 May 2002 05:26:41 +0200 (MEST)
[EMAIL PROTECTED] wrote:
> Dear All,
>
> I use openBSD 3.0, now I want to set my computer can't be ping or scan from
> another computer / network , how can i do this ?
First, OpenBSD 3.1 is now available ! (great news :o)
Then what don't you use pf (packet filter), the OpenBSD's firewall ?
If you don't want people to ping you and scan you then just block all incomming
packet.
block in log quick on [outside-interface] from any to any
You can still add those rule to log people who try to scan you (put them before the
one above) :
#Block SYN+FIN scan
block in log quick on [outside-interface] proto tcp from any to any flags SF
#Block nmap OS fingerprinting attempt
block in log quick on [outside-interface] inet proto tcp from any to any flags
FUP/FUP
Anyway go and have a look at :
http://www.openbsd.org/faq/faq6.html#PF
http://www.deadly.org/pf-howto/html/
http://geodsoft.com/howto/harden/OpenBSD/firewall.htm (Hardening OpenBSD
Internet Servers
Packet Filter and IP Filter on Non Firewalls)
> Another my question is about improving security on OpenBSD, i'm already
> install patches, closed some ports, how make my OpenBSD more secure, i just
> need for ssh server only.
http://minithins.net/papers/FreeBSD.txt (Securing FreeBSD step by step (for
Dummies and even Geeks))
This site is for FreeBSD but will certainly help you with OpenBSD too, I use
it on both :o)
>
> Thanks for your help.
>
> regards,
> Reva
>
> --
> GMX - Die Kommunikationsplattform im Internet.
> http://www.gmx.net
>
