Date: Mon, 19 Feb 2001 23:42:59 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Brent <bierblb@netins.net> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Port Scanning Message-ID: <20010219234259.C77228@mollari.cthul.hu> In-Reply-To: <CLEBKGOHKNELHPEDDJJIAEJOCJAA.bierblb@netins.net>; from bierblb@netins.net on Tue, Feb 20, 2001 at 12:12:32AM -0600 References: <CLEBKGOHKNELHPEDDJJIAEJOCJAA.bierblb@netins.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--/Uq4LBwYP4y1W6pO Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Feb 20, 2001 at 12:12:32AM -0600, Brent wrote: > I have a couple questions: >=20 > 1) What does these errors mean? I am getting quite a few. >=20 > icmp-response bandwidth limit 216/200 pps > icmp-response bandwidth limit 231/200 pps Search the mailing list archives for a description of what's going on. > 2) What are some good programs to use to watch for ping floods and port > scans? I use portsentry currently, but that doesn't do very well in the > ping flood area as it does in the port scanning, since it just watches for > traffic over certain ports. You can't go past snort, IMO. Use the vision.conf file downloaded from www.whitehats.com/ids Kris --/Uq4LBwYP4y1W6pO Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6kiADWry0BWjoQKURAmobAKDa49KcBVi57ou6vd8VbB/iebd/jQCgrHOT ToU4nuvn/yf6THYzlW8UACE= =Z4BM -----END PGP SIGNATURE----- --/Uq4LBwYP4y1W6pO-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010219234259.C77228>