ukecana stanice

Jan Dušátko jan_dusatko at post.cz
Wed Aug 2 14:02:02 CEST 2006

Previous message: ukecana stanice
Next message: ukecana stanice
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ahoj
pokud pouzivas pf, je mozne se branit scanu nmapem, jinak se obavam, ze
ostatni nelze. doporucil bych vypnout veskere nepotrebne sluzby, pripadne je
pouzit pouze na vnitrnim if a nastavit ssh. to zustane sice jeste ukecane,
ale bude toho tam co mozna nejmene.
Honza

-----Original Message-----
From: users-l-bounces at freebsd.cz [mailto:users-l-bounces at freebsd.cz] On
Behalf Of lucielukes
Sent: Wednesday, August 02, 2006 12:56 PM
To: users-l at freebsd.cz
Subject: ukecana stanice


Dobry den,
obracim se na Vas s prosbou o radu. Mam hodne ukecanou domaci stanici s
FreeBSD 6.1-RELEASE. Kluci od nas z baraku, pres ktere jsme pripojeni, nam
skenovali PC s: nmap -A -P0 nebo nmap  -sV -P0. System im toho zdelil
pomerne dost hodne. 
Da se s tim neco udelat? Staci upravit pravidla na PF Filtru aby FreeBSD
nedalo o sobe nic znat ? 

Predem dekuji za odpoved.

Lucie

lulu ~$ nmap  -sV -P0 10.42.10.23

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2006-08-02 12:29
CEST Interesting ports on 10.42.10.23: Not shown: 1678 filtered ports
PORT    STATE SERVICE  VERSION
22/tcp  open  ssh      OpenSSH 4.2p1 (FreeBSD 20050903; protocol 2.0)
443/tcp open  ssl/http Apache httpd 2.0.58 ((FreeBSD) PHP/4.4.2
mod_ssl/2.0.58 OpenSSL/0.9.7e-p1 mod_perl/2.0.2 Perl/v5.8.8) Service Info:
OS: FreeBSD

Nmap finished: 1 IP address (1 host up) scanned in 88.985 seconds

Ruleset pf.conf:
----------------------------------------------------------------------------
ext_if="rl0"
scrub in all

block in quick on $ext_if inet from { 127.0.0.0/8, 192.168.0.0/16, \
172.16.0.0/12 } to any block out quick on $ext_if inet from any to {
127.0.0.0/8, 192.168.0.0/16, \ 172.16.0.0/12}

block in on $ext_if all

pass in log on $ext_if inet proto tcp from any to any port 22 \ flags S/SA
keep state

pass in log on $ext_if inet proto tcp from any to any port 443 \ flags S/SA
keep state

block out on $ext_if all
pass out on $ext_if inet proto tcp all flags S/SA keep state pass out on
$ext_if inet proto udp all keep state pass out on $ext_if inet proto icmp
all keep state
----------------------------------------------------------------------------
----
-- 
FreeBSD mailing list (users-l at freebsd.cz)
http://www.freebsd.cz/listserv/listinfo/users-l

Previous message: ukecana stanice
Next message: ukecana stanice
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users-l mailing list