From owner-freebsd-questions@FreeBSD.ORG  Tue Dec 30 12:05:56 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6353F16A4CF
	for <freebsd-questions@freebsd.org>;
	Tue, 30 Dec 2003 12:05:56 -0800 (PST)
Received: from kifco.net (host4.kifco.net [216.65.57.4])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6240043D31
	for <freebsd-questions@freebsd.org>;
	Tue, 30 Dec 2003 12:05:54 -0800 (PST)	(envelope-from Admin@kifco.net)
Received: from kifco.net (deadline@localhost [127.0.0.1])
	by kifco.net (8.12.8p1/8.12.8) with ESMTP id hBUGDmpD061266
	for <freebsd-questions@freebsd.org>; Tue, 30 Dec 2003 16:13:48 GMT
	(envelope-from Admin@kifco.net)
From: "Marwan Sultan" <Admin@kifco.net>
To: "FreeBSD questions List" <freebsd-questions@freebsd.org>
Date: Tue, 30 Dec 2003 19:13:48 +0300
Message-Id: <20031230160934.M41350@kifco.net>
X-Mailer: Open WebMail
X-OriginatingIP: 195.226.253.106
MIME-Version: 1.0
Content-Type: text/plain;
	charset=iso-8859-1
Subject: Prevent Port scaning
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Dec 2003 20:05:56 -0000


Hello Subscribers..

 Happy new year for all,

 My /var/log/messages  and /var/log/dmesg.today
 Is full of the following lines:

Limiting open port RST response from 332 to 200 packets per second
Limiting open port RST response from 212 to 200 packets per second
Limiting open port RST response from 204 to 200 packets per second

/kernel: Limiting open port RST response from 335 to 200 packets per second
/kernel: Limiting open port RST response from 250 to 200 packets per second
/kernel: Limiting open port RST response from 248 to 200 packets per second

Which means someone scanning my ports. (correct me if im wrong)

My question is:
How to prevent this? I asumed that I should put the IP in deny list.
But where is the IP?
I cannot find any IP in my logs that it shows who is doing the scan.
or trying to hack..or whatever,
Anyone can advise please?
Since once in past i post my server real IP on this list,
and this scanning didnot stop.

--
Marwan Sultan