Date: Mon, 1 Oct 2007 13:25:05 +1000 (EST) From: Ian Smith <smithi@nimnet.asn.au> To: Kurt Buff <kurt.buff@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: Security report question Message-ID: <Pine.BSF.3.96.1071001131221.13846B-100000@gaia.nimnet.asn.au> In-Reply-To: <20071001005441.1E47F16A4CD@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 30 Sep 2007 09:41:00 -0700 Kurt Buff <kurt.buff@gmail.com> wrote: > On 9/30/07, Chuck Swiger <cswiger@mac.com> wrote: > > Kurt Buff wrote: > > [ ... ] > > > +Limiting closed port RST response from 283 to 200 packets/sec > > > > > > I don't know what this means, though I suspect it could mean that I'm > > > being port scanned. Is this a reasonable guess? > > > > Yes. It could also be something beating really hard on a single closed port, too. > > > > -- > > -Chuck > > Thanks. This, coupled with some invalid SSH login attempts from a > known user, has made me quite suspicious. I think, though, that this > is all that I can call it at this point - suspcious. > > Anything further I could turn up to monitor/log what's going on? It may help in spotting unwanted stuff getting past your firewall, to either add to /etc/rc.conf: log_in_vain="1" or (coming to the same thing) add to /etc/sysctl.conf: net.inet.tcp.log_in_vain=1 net.inet.udp.log_in_vain=1 You can set the latter two sysctls immediately, of course. Cheers, Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.1071001131221.13846B-100000>