From owner-freebsd-security Fri Jan 26 11:41: 2 2001 Delivered-To: freebsd-security@freebsd.org Received: from elvis.mu.org (elvis.mu.org [207.154.226.10]) by hub.freebsd.org (Postfix) with ESMTP id 17FDE37B400 for ; Fri, 26 Jan 2001 11:40:45 -0800 (PST) Received: by elvis.mu.org (Postfix, from userid 1088) id 974432B743; Fri, 26 Jan 2001 13:40:34 -0600 (CST) Date: Fri, 26 Jan 2001 13:40:34 -0600 From: Dave McKay To: "Roberto Samarone Araujo (RSA)" Cc: freebsd-security@FreeBSD.ORG Subject: Re: ICMP attacks Message-ID: <20010126134034.A90752@elvis.mu.org> References: <003601c0878c$2ec00040$3cfdf2c8@nirvana> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <003601c0878c$2ec00040$3cfdf2c8@nirvana>; from sama@supridad.com.br on Fri, Jan 26, 2001 at 08:36:10AM -0300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Roberto Samarone Araujo (RSA) (sama@supridad.com.br) wrote: > > > icmp-response bandwidth limit 261/200 pps > > > icmp-response bandwidth limit 268/200 pps > > > icmp-response bandwidth limit 205/200 pps > > > icmp-response bandwidth limit 223/200 pps > > Hi, > > Sometimes, when someone is trying to do a port scan, this > message appear so, if you want to know who is trying to make a port scan to > your FreeBSD box you can use the PortsEntry, it will log the ports scan. > You can compile it from the ports collection. This is almost surely nmap working its magic on your box, locally. That is not alot of ICMP you are getting, even for a dialup, it seems you, or one of your users is port scanning. -- Dave McKay dave@mu.org Microsoft Global Network Architect To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message