For #1 I would say both nmap and nc(1). nmap is a far more flexible port scanner, but nc is part of the base system, and it offers some unique functionality (i.e. allowing you to set up pretend daemons for testing purposes).
I think we should also add a HIDS to list. In the past, security/aide has been my weapon of choice. The mtree(8) application also is a nice makeshift HIDS (as outlined by Dru in BSDHacks).
There are also a couple other FreeBSD-specific security oriented tools and concepts that are essential IMO:
Nevermind. Found the answer to my question. At '1' SYN packets arriving on a closed port will be dropped without a RST packet being sent back. With the value set as '2', all packets arriving on a closed port are dropped without an RST being sent back.
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.