ukecana stanice
Marian Hercek
marian.hercek at ucm.sk
Wed Aug 2 13:36:32 CEST 2006
Mozno by stacilo v httpd.conf dat
ServerTokens ProductOnly
Pre SSH sa tusim verzia neda ani utajit, mozno editovanim zdrojakov a
rekompilaciou.
Mam tusenie, ze sshd_banner s tym nema nic spolocne.
> -----Original Message-----
> From: users-l-bounces at freebsd.cz
> [mailto:users-l-bounces at freebsd.cz] On Behalf Of lucielukes
> Sent: Wednesday, August 02, 2006 12:56 PM
> To: users-l at freebsd.cz
> Subject: ukecana stanice
>
> Dobry den,
> obracim se na Vas s prosbou o radu. Mam hodne ukecanou domaci
> stanici s FreeBSD 6.1-RELEASE.
> Kluci od nas z baraku, pres ktere jsme pripojeni, nam
> skenovali PC s: nmap -A -P0 nebo nmap -sV -P0. System im
> toho zdelil pomerne dost hodne.
> Da se s tim neco udelat? Staci upravit pravidla na PF Filtru
> aby FreeBSD nedalo o sobe nic znat ?
>
> Predem dekuji za odpoved.
>
> Lucie
>
> lulu ~$ nmap -sV -P0 10.42.10.23
>
> Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at
> 2006-08-02 12:29 CEST
> Interesting ports on 10.42.10.23:
> Not shown: 1678 filtered ports
> PORT STATE SERVICE VERSION
> 22/tcp open ssh OpenSSH 4.2p1 (FreeBSD 20050903; protocol 2.0)
> 443/tcp open ssl/http Apache httpd 2.0.58 ((FreeBSD)
> PHP/4.4.2 mod_ssl/2.0.58 OpenSSL/0.9.7e-p1 mod_perl/2.0.2 Perl/v5.8.8)
> Service Info: OS: FreeBSD
>
> Nmap finished: 1 IP address (1 host up) scanned in 88.985 seconds
>
> Ruleset pf.conf:
> --------------------------------------------------------------
> --------------
> ext_if="rl0"
> scrub in all
>
> block in quick on $ext_if inet from { 127.0.0.0/8, 192.168.0.0/16, \
> 172.16.0.0/12 } to any
> block out quick on $ext_if inet from any to { 127.0.0.0/8,
> 192.168.0.0/16, \
> 172.16.0.0/12}
>
> block in on $ext_if all
>
> pass in log on $ext_if inet proto tcp from any to any port 22 \
> flags S/SA keep state
>
> pass in log on $ext_if inet proto tcp from any to any port 443 \
> flags S/SA keep state
>
> block out on $ext_if all
> pass out on $ext_if inet proto tcp all flags S/SA keep state
> pass out on $ext_if inet proto udp all keep state
> pass out on $ext_if inet proto icmp all keep state
> --------------------------------------------------------------
> ------------------
> --
> FreeBSD mailing list (users-l at freebsd.cz)
> http://www.freebsd.cz/listserv/listinfo/users-l
>
>
> ________ Information from NOD32 ________
> This message was checked by NOD32 Antivirus System for Linux
> Mail Server.
________ Information from NOD32 ________
This message was checked by NOD32 Antivirus System for Linux Mail Server.
More information about the Users-l
mailing list