Date:      Tue, 13 Dec 2016 15:52:59 +0000
From:      Matthew Seaman <matthew@FreeBSD.org>
To:        freebsd-current@freebsd.org
Subject:   Re: Log spam: Limiting * response from 1 to 200 packets/sec
Message-ID:  <357f7400-3058-d890-c1c5-973d6bde614a@FreeBSD.org>
In-Reply-To: <1eb2e94b-c460-8116-8ffc-f7884be644f7@protected-networks.net>
References:  <630314dc-e14f-02e7-aa48-4456b0feeef9@protected-networks.net> <8332C070-E7C8-4CF3-B5DF-2355D9FA20D1@FreeBSD.org> <1eb2e94b-c460-8116-8ffc-f7884be644f7@protected-networks.net>

On 2016/12/13 15:43, Michael Butler wrote:
> On 12/13/16 10:29, Dimitry Andric wrote:
>
>> Somebody is most likely port scanning your machines.  I see this all the
>> time on boxes connected to the internet.
>
> As are mine. I wouldn't mind so much if the message contained sufficient
> useful information that could be acted on, e.g. originating IP address
> and, when appropriate, destination port.

If you want that sort of information, you can use pf(4) with a default
rule to log and reject connections to your system. (Plus rules to permit
traffic to legitimate services, obviously.)  You can also just 'drop'
the denied connections rather than the default response of sending back
an ICMP unreachable or reset response, which will save you sending out a
lot of itty-bitty packets that the port scanners wouldn't pay attention
to anyhow.

	Cheers,

	Matthew
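
[Added example, not part of the original message: a minimal pf.conf sketch of the setup described above, with a default log-and-block rule, explicit passes for legitimate services, and the 'drop' policy in place of RST/ICMP replies. The interface name em0 and the choice of SSH and HTTPS as the permitted services are assumptions.]

```conf
# /etc/pf.conf (constructed example; adjust the macros to the host)
# Assumptions: em0 is the Internet-facing interface, and SSH and HTTPS
# are the only services this machine offers.
ext_if       = "em0"
tcp_services = "{ ssh, https }"

# With "drop", blocked packets are discarded silently. The alternative,
# "return", answers TCP with a RST and other traffic with an ICMP
# unreachable, which is the reply traffic the message suggests avoiding.
set block-policy drop

# Leave loopback traffic unfiltered.
set skip on lo0

# Default rule: block everything inbound on the external interface and
# log it. Each logged packet is copied to the pflog0 interface with its
# source address and destination port.
block in log on $ext_if all

# pf uses the last matching rule, so these passes override the default
# block for the permitted services and for outbound traffic.
pass in  on $ext_if proto tcp from any to any port $tcp_services
pass out on $ext_if all

# To enable at boot, set in /etc/rc.conf:
#   pf_enable="YES"
#   pflog_enable="YES"
#
# To watch blocked connections live (source IP and destination port):
#   tcpdump -n -e -ttt -i pflog0
# To read what pflogd(8) has saved:
#   tcpdump -n -e -ttt -r /var/log/pflog
```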