On Fri, 13 Oct 2000, Ivan S. Anisimov wrote:
I saw somewhere an undocumented option in kernel config that
somehow refuses SYN & ACK requests that prevents software
From /usr/src/sys/i386/conf/LINT :
# TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN. This
# prevents nmap et al. from identifying the TCP/IP stack, but breaks support
# for RFC1644 extensions and is not recommended for web servers.
#
# TCP_RESTRICT_RST adds support for blocking the emission of TCP RST packets.
# This is useful on systems which are exposed to SYN floods (e.g. IRC servers)
# or any system which one does not want to be easily portscannable.
options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
options TCP_RESTRICT_RST #restrict emission of TCP RST
Looks documented to me. :-)
-ben
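
The flag test that the TCP_DROP_SYNFIN comment describes, as an added userspace illustration (not part of the original message and not FreeBSD kernel code). The names classify_synfin and sample_verdict are hypothetical, and the sample packets are constructed in the code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TH_FIN 0x01
#define TH_SYN 0x02

enum verdict { PASS, DROP_SYNFIN, NOT_INSPECTED };

/* Classify one raw IPv4 packet, starting at the IP header. */
enum verdict classify_synfin(const uint8_t *p, size_t len)
{
    if (p == NULL || len < 20 || (p[0] >> 4) != 4)
        return NOT_INSPECTED;                 /* not a complete IPv4 header */
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;   /* header length incl. options */
    if (ihl < 20 || len < ihl || p[9] != 6)
        return NOT_INSPECTED;                 /* malformed, or not TCP */
    if ((((p[6] & 0x1f) << 8) | p[7]) != 0)
        return NOT_INSPECTED;                 /* later fragment: no TCP header */
    if (len < ihl + 14)
        return NOT_INSPECTED;                 /* truncated before flags byte */
    uint8_t flags = p[ihl + 13];
    if ((flags & (TH_SYN | TH_FIN)) == (TH_SYN | TH_FIN))
        return DROP_SYNFIN;                   /* the combination the option ignores */
    return PASS;                              /* e.g. plain SYN or SYN+ACK */
}

/* Constructed sample: minimal IPv4+TCP packet with the given fields. */
enum verdict sample_verdict(uint8_t ihl_words, uint16_t frag_off,
                            uint8_t tcp_flags, size_t truncate_to)
{
    uint8_t pkt[80];
    size_t ihl = (size_t)ihl_words * 4, len = ihl + 20;
    memset(pkt, 0, sizeof pkt);
    pkt[0] = (uint8_t)(0x40 | ihl_words);     /* version 4 + IHL */
    pkt[6] = (uint8_t)((frag_off >> 8) & 0x1f);
    pkt[7] = (uint8_t)(frag_off & 0xff);
    pkt[9] = 6;                               /* protocol = TCP */
    pkt[ihl + 13] = tcp_flags;
    if (truncate_to && truncate_to < len) len = truncate_to;
    return classify_synfin(pkt, len);
}

int main(void)
{
    printf("SYN+FIN verdict: %d\n", sample_verdict(5, 0, TH_SYN | TH_FIN, 0));
    return 0;
}
```

The check looks only at the two flag bits, so SYN+FIN with other flags set is still matched, while fragments and truncated packets that do not carry the flags byte are left uninspected.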