From owner-freebsd-security Fri Jan 26 7: 0:15 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.marketnews.com (mail.economeister.com [205.183.200.2]) by hub.freebsd.org (Postfix) with ESMTP id 89F0037B400 for ; Fri, 26 Jan 2001 06:59:55 -0800 (PST)
Received: (from nobody@localhost) by mail.marketnews.com (8.11.0/8.9.3) id f0QExcZ56271; Fri, 26 Jan 2001 09:59:38 -0500 (EST)
X-Authentication-Warning: mail.marketnews.com: nobody set sender to mharding@marketnews.com using -f
To: Will Mitayai Keeso Rowe
Subject: Re: ICMP attacks
Message-ID: <980521178.3a7190da7ba07@mail.marketnews.com>
Date: Fri, 26 Jan 2001 09:59:38 -0500
From:
Cc:
References:
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
User-Agent: IMP/PHP IMAP webmail program 2.2.0-pre13
X-Originating-IP: 63.23.140.194
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Try using an intrusion detection system. Snort works well for me. If this is just a port scan it will show a lot of different attack warnings as the different ports are hit, but it will show what IP is doing it.

Mason

Quoting Will Mitayai Keeso Rowe :

> icmp-response bandwidth limit 205/200 pps
> icmp-response bandwidth limit 264/200 pps
> icmp-response bandwidth limit 269/200 pps
> icmp-response bandwidth limit 273/200 pps
> icmp-response bandwidth limit 273/200 pps
> icmp-response bandwidth limit 271/200 pps
> icmp-response bandwidth limit 261/200 pps
> icmp-response bandwidth limit 268/200 pps
> icmp-response bandwidth limit 205/200 pps
> icmp-response bandwidth limit 223/200 pps
>
> Is there any way to trace the people that are causing this? It's becoming a
> daily occurrence and it's beginning to irritate me.
>
> -Mit
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message