Date: Fri, 26 Jan 2001 11:58:59 +0200
From: Peter Pentchev
To: Dennis Rand
Cc: freebsd-security@freebsd.org
Subject: Re: ICMP attacks
Message-ID: <20010126115858.B5418@ringworld.oblivion.bg>
References: <3A715799.8EECF43@incorp.dk>
In-Reply-To: <3A715799.8EECF43@incorp.dk>; from dr@incorp.dk on Fri, Jan 26, 2001 at 10:55:21AM +0000

On Fri, Jan 26, 2001 at 10:55:21AM +0000, Dennis Rand wrote:
> I also have this problem but that is when I portscan my computer from another
> host so is there a place or a log where I can check what IP has caused this

You can make your firewall log all denied packets - it's those that
cause ICMP responses, mostly.

I'm not sure logging all denied packets is a good idea, though,
especially if you expect - or even deem it possible - that you
might be attacked. Trust me, I've had syslogd hog my CPU during
a portscan :)

G'luck,
Peter

-- 
When you are not looking at it, this sentence is in Spanish.
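An added example, not part of the original message: a short Python script that answers "what IP has caused this" by tallying the distinct denied destination ports per source address in the firewall log. It assumes the firewall is ipfw with `log` on the deny rule; the host name, interface, rule number and addresses in the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the style of ipfw "log" output as written by syslogd.
# Addresses come from documentation ranges; nothing here is from the thread.
SAMPLE_LOG = """\
Jan 26 09:58:01 gw /kernel: ipfw: 65000 Deny TCP 192.0.2.10:40001 198.51.100.5:21 in via fxp0
Jan 26 09:58:01 gw /kernel: ipfw: 65000 Deny TCP 192.0.2.10:40002 198.51.100.5:22 in via fxp0
Jan 26 09:58:01 gw /kernel: ipfw: 65000 Deny TCP 192.0.2.10:40003 198.51.100.5:23 in via fxp0
Jan 26 09:58:02 gw /kernel: ipfw: 65000 Deny TCP 192.0.2.10:40004 198.51.100.5:25 in via fxp0
Jan 26 09:58:02 gw /kernel: ipfw: 65000 Deny TCP 192.0.2.10:40005 198.51.100.5:80 in via fxp0
Jan 26 09:58:02 gw last message repeated 3 times
Jan 26 09:58:05 gw /kernel: ipfw: 65000 Deny UDP 203.0.113.7:137 198.51.100.5:137 in via fxp0
Jan 26 09:58:06 gw /kernel: ipfw: 65000 Deny ICMP:8.0 203.0.113.7 198.51.100.5 in via fxp0
"""

# Inbound TCP/UDP deny entries only: these are the packets that draw an
# RST or ICMP unreachable from the host. ICMP entries carry no ports.
LINE_RE = re.compile(
    r"ipfw: \d+ Deny (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ [\d.]+:(?P<dport>\d+) in\b"
)


def scan_sources(log_text, min_ports=4):
    """Map each source IP to its sorted distinct (proto, dst port) pairs,
    keeping only sources that were denied on at least min_ports of them."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            # Unrelated syslog line, an ICMP entry, or syslogd's
            # "last message repeated" marker (adds no new port).
            continue
        seen[m.group("src")].add((m.group("proto"), int(m.group("dport"))))
    return {src: sorted(p) for src, p in seen.items() if len(p) >= min_ports}


if __name__ == "__main__":
    for src, ports in scan_sources(SAMPLE_LOG).items():
        print(f"{src}: {len(ports)} distinct ports denied: {ports}")
```

With ipfw, the `net.inet.ip.fw.verbose_limit` sysctl caps how many entries each rule logs, which bounds the syslogd load described in the message.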