Date: Mon, 19 Feb 2001 23:42:59 -0800
From: Kris Kennaway
To: Brent
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Port Scanning
Message-ID: <20010219234259.C77228@mollari.cthul.hu>

On Tue, Feb 20, 2001 at 12:12:32AM -0600, Brent wrote:
> I have a couple questions:
>
> 1) What do these errors mean? I am getting quite a few.
>
> icmp-response bandwidth limit 216/200 pps
> icmp-response bandwidth limit 231/200 pps

Search the mailing list archives for a description of what's going on.

> 2) What are some good programs to use to watch for ping floods and port
> scans? I use portsentry currently, but that doesn't do very well in the
> ping flood area as it does in the port scanning, since it just watches for
> traffic over certain ports.

You can't go past snort, IMO. Use the vision.conf file downloaded from
www.whitehats.com/ids

Kris