ukecana stanice

lucielukes lucielukes at seznam.cz
Wed Aug 2 12:55:34 CEST 2006


Dobry den,
obracim se na Vas s prosbou o radu. Mam hodne ukecanou domaci stanici s FreeBSD 6.1-RELEASE.
Kluci od nas z baraku, pres ktere jsme pripojeni, nam skenovali PC s: nmap -A -P0 nebo nmap  -sV -P0. System im toho zdelil pomerne dost hodne. 
Da se s tim neco udelat? Staci upravit pravidla na PF Filtru aby FreeBSD nedalo o sobe nic znat ? 

Predem dekuji za odpoved.

Lucie

lulu ~$ nmap  -sV -P0 10.42.10.23

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2006-08-02 12:29 CEST
Interesting ports on 10.42.10.23:
Not shown: 1678 filtered ports
PORT    STATE SERVICE  VERSION
22/tcp  open  ssh      OpenSSH 4.2p1 (FreeBSD 20050903; protocol 2.0)
443/tcp open  ssl/http Apache httpd 2.0.58 ((FreeBSD) PHP/4.4.2 mod_ssl/2.0.58 OpenSSL/0.9.7e-p1 mod_perl/2.0.2 Perl/v5.8.8)
Service Info: OS: FreeBSD

Nmap finished: 1 IP address (1 host up) scanned in 88.985 seconds

Ruleset pf.conf:
----------------------------------------------------------------------------
ext_if="rl0"
scrub in all

block in quick on $ext_if inet from { 127.0.0.0/8, 192.168.0.0/16, \
172.16.0.0/12 } to any
block out quick on $ext_if inet from any to { 127.0.0.0/8, 192.168.0.0/16, \
172.16.0.0/12}

block in on $ext_if all

pass in log on $ext_if inet proto tcp from any to any port 22 \
flags S/SA keep state

pass in log on $ext_if inet proto tcp from any to any port 443 \
flags S/SA keep state

block out on $ext_if all
pass out on $ext_if inet proto tcp all flags S/SA keep state
pass out on $ext_if inet proto udp all keep state
pass out on $ext_if inet proto icmp all keep state
--------------------------------------------------------------------------------



More information about the Users-l mailing list