ukecana stanice

Marian Hercek marian.hercek at ucm.sk
Wed Aug 2 13:36:32 CEST 2006


Mozno by stacilo v httpd.conf dat 
ServerTokens ProductOnly

Pre SSH sa tusim verzia neda ani utajit, mozno editovanim zdrojakov a
rekompilaciou.
Mam tusenie, ze sshd_banner s tym nema nic spolocne.

> -----Original Message-----
> From: users-l-bounces at freebsd.cz 
> [mailto:users-l-bounces at freebsd.cz] On Behalf Of lucielukes
> Sent: Wednesday, August 02, 2006 12:56 PM
> To: users-l at freebsd.cz
> Subject: ukecana stanice
> 
> Dobry den,
> obracim se na Vas s prosbou o radu. Mam hodne ukecanou domaci 
> stanici s FreeBSD 6.1-RELEASE.
> Kluci od nas z baraku, pres ktere jsme pripojeni, nam 
> skenovali PC s: nmap -A -P0 nebo nmap  -sV -P0. System im 
> toho zdelil pomerne dost hodne. 
> Da se s tim neco udelat? Staci upravit pravidla na PF Filtru 
> aby FreeBSD nedalo o sobe nic znat ? 
> 
> Predem dekuji za odpoved.
> 
> Lucie
> 
> lulu ~$ nmap  -sV -P0 10.42.10.23
> 
> Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 
> 2006-08-02 12:29 CEST
> Interesting ports on 10.42.10.23:
> Not shown: 1678 filtered ports
> PORT    STATE SERVICE  VERSION
> 22/tcp  open  ssh      OpenSSH 4.2p1 (FreeBSD 20050903; protocol 2.0)
> 443/tcp open  ssl/http Apache httpd 2.0.58 ((FreeBSD) 
> PHP/4.4.2 mod_ssl/2.0.58 OpenSSL/0.9.7e-p1 mod_perl/2.0.2 Perl/v5.8.8)
> Service Info: OS: FreeBSD
> 
> Nmap finished: 1 IP address (1 host up) scanned in 88.985 seconds
> 
> Ruleset pf.conf:
> --------------------------------------------------------------
> --------------
> ext_if="rl0"
> scrub in all
> 
> block in quick on $ext_if inet from { 127.0.0.0/8, 192.168.0.0/16, \
> 172.16.0.0/12 } to any
> block out quick on $ext_if inet from any to { 127.0.0.0/8, 
> 192.168.0.0/16, \
> 172.16.0.0/12}
> 
> block in on $ext_if all
> 
> pass in log on $ext_if inet proto tcp from any to any port 22 \
> flags S/SA keep state
> 
> pass in log on $ext_if inet proto tcp from any to any port 443 \
> flags S/SA keep state
> 
> block out on $ext_if all
> pass out on $ext_if inet proto tcp all flags S/SA keep state
> pass out on $ext_if inet proto udp all keep state
> pass out on $ext_if inet proto icmp all keep state
> --------------------------------------------------------------
> ------------------
> -- 
> FreeBSD mailing list (users-l at freebsd.cz)
> http://www.freebsd.cz/listserv/listinfo/users-l
> 
> 
> ________ Information from NOD32 ________
> This message was checked by NOD32 Antivirus System for Linux 
> Mail Server.



________ Information from NOD32 ________
This message was checked by NOD32 Antivirus System for Linux Mail Server.




More information about the Users-l mailing list