From owner-freebsd-security@FreeBSD.ORG Fri Feb 6 23:50:24 2004
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BA9E716A4CE for ; Fri, 6 Feb 2004 23:50:24 -0800 (PST)
Received: from mailhost.icepr.com (unknown [196.12.160.13]) by mx1.FreeBSD.org (Postfix) with ESMTP id 36D7343D2F for ; Fri, 6 Feb 2004 23:50:24 -0800 (PST) (envelope-from jhernandez@progrexive.com)
Received: from localhost (patrol.icenetworks.com [::ffff:196.12.160.251]) by mailhost.icepr.com with esmtp; Sat, 07 Feb 2004 01:59:50 -0400
Received: from 69.79.2.125 ([69.79.2.125]) by webmail.icenetworks.com (IMP) with HTTP for ; Sat, 7 Feb 2004 01:59:14 -0400
Message-ID: <1076133554.40247eb21c430@webmail.icenetworks.com>
Date: Sat, 7 Feb 2004 01:59:14 -0400
From: ""
To: ""
References: <0FDD52D38220D611B7CC0004763B3744F80821@HNTS-04> <4023AD12.6070106@sitetronics.com> <6.0.0.22.2.20040206104336.0587c5a0@localhost> <20040206151109.S921@cithaeron.argolis.org> <6.0.0.22.2.20040206132723.058bf848@localhost> <20040206212310.GJ94075@binary.net>
In-Reply-To: <20040206212310.GJ94075@binary.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) 3.2.2
X-Originating-IP: 69.79.2.125
X-Mime-Autoconverted: from 8bit to 7bit by courier 0.43
Subject: SYN Attacks - how i cant stop it
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
X-List-Received-Date: Sat, 07 Feb 2004 07:50:24 -0000

How can I stop the SYN and port scanner attacks? I have attacks every night. Check this.

Feb 6 11:54:24 TCP: port scan detected [port 6667] from 212.165.80.117 [ports 63432,63453,63466,63499,63522,...]
Feb 6 11:58:09 TCP: port scan mode expired for 212.165.80.117 - received a total of 38 packets (1064 bytes).
Feb 6 12:02:33 ICMP: ping flood mode expired for 65.23.218.180 - received a total of 562 packets (22480 bytes).
Feb 6 12:09:51 TCP: port scan detected [port 6667] from 200.37.75.236 [ports 3192,3247,3309,3362,3421,...]
Feb 6 12:11:21 TCP: port scan detected [port 6667] from 80.139.185.241 [ports 3114,3514,3960,4360,4795,...]
Feb 6 12:12:17 TCP: port scan mode expired for 200.37.75.236 - received a total of 27 packets (756 bytes).
Feb 6 12:19:47 TCP: port scan detected [port 6667] from 80.15.16.77 [ports 3048,3471,3819,4259,4648,...]
Feb 6 12:23:58 TCP: port scan detected [port 6667] from 213.6.123.252 [ports 3129,3947,4690,3577,4343,...]
Feb 6 12:25:52 TCP: port scan mode expired for 80.15.16.77 - received a total of 60 packets (1680 bytes).
Feb 6 12:31:54 TCP: port scan detected [port 6667] from 212.165.80.117 [ports 61345,61356,61370,61386,61408,...]
Feb 6 12:32:04 TCP: port scan detected [port 6667] from 213.6.125.34 [ports 1157,1509,1928,2294,2741,...]
Feb 6 12:33:39 TCP: port scan detected [port 6667] from 200.81.81.174 [ports 4917,4918,4927,4931,4935,...]
Feb 6 12:34:22 TCP: port scan mode expired for 212.165.80.117 - received a total of 26 packets (728 bytes).
Feb 6 12:34:44 TCP: port scan mode expired for 200.81.81.174 - received a total of 16 packets (448 bytes).
Feb 6 12:42:00 TCP: port scan mode expired for 213.6.125.34 - received a total of 93 packets (2604 bytes).
Feb 6 12:44:45 TCP: port scan mode expired for 213.6.123.252 - received a total of 186 packets (5208 bytes).
Feb 6 12:45:22 TCP: port scan detected [port 6667] from 200.106.106.207 [ports 18072,18091,18113,18157,18172,...]
Feb 6 12:49:16 TCP: port scan detected [port 6667] from 200.49.217.132 [ports 4124,4143,4157,4174,4198,...]
Feb 6 12:53:29 TCP: port scan mode expired for 80.139.185.241 - received a total of 369 packets (11808 bytes).
Feb 6 13:00:16 TCP: port scan detected [port 9999] from 204.117.88.37 [ports 4568,4571,4572,4573,4574,...]
Feb 6 13:01:29 TCP: port scan mode expired for 204.117.88.37 - received a total of 352 packets (9856 bytes).
Feb 6 13:01:52 TCP: port scan detected [port 9999] from 204.117.88.43 [ports 4883,4885,4886,4887,4888,...]
Feb 6 13:02:54 TCP: port scan mode expired for 204.117.88.43 - received a total of 261 packets (7308 bytes).
Feb 6 13:04:56 TCP: port scan mode expired for 200.49.217.132 - received a total of 125 packets (3500 bytes).
Feb 6 13:16:37 TCP: port scan mode expired for 200.106.106.207 - received a total of 243 packets (6804 bytes).
Feb 6 13:26:16 TCP: port scan detected [port 6667] from 200.81.85.232 [ports 1077,1078,1080,1081]
Feb 6 13:27:16 TCP: port scan mode expired for 200.81.85.232 - received a total of 16 packets (448 bytes).
Feb 6 13:28:11 TCP: port scan detected [port 6667] from 80.38.110.228 [ports 1040,1494,1901,2310,2695,...]
Feb 6 13:33:00 TCP: SYN scan mode expired for pD952BE7F.dip.t-dialin.net (217.82.190.127) - received a total of 1073 packets
Feb 6 13:33:17 TCP: port scan mode expired for ANancy-106-1-4-183.w81-248.abo.wanadoo.fr (81.248.192.183) - received a total
Feb 6 13:35:33 TCP: port scan mode expired for host231-253.pool8175.interbusiness.it (81.75.253.231) - received a total of 25
Feb 6 13:44:25 ICMP: ping flood mode expired for 210.92.221.49 - received a total of 468 packets (30657744 bytes).
Feb 6 13:46:13 TCP: port scan detected [port 6667] from A7b25.a.pppool.de (213.6.123.37) [ports 3485,3573,3763,4159,4297,...]
Feb 6 13:54:26 TCP: port scan detected [port 6667] from host231-253.pool8175.interbusiness.it (81.75.253.231) [ports 1070,352
Feb 6 14:35:56 TCP: port scan mode expired for host231-253.pool8175.interbusiness.it (81.75.253.231) - received a total of 12
Feb 6 14:46:39 TCP: port scan mode expired for 228.Red-80-38-110.pooles.rima-tde.net (80.38.110.228) - received a total of 18
Feb 6 14:50:45 TCP: port scan detected [port 6667] from A7c22.a.pppool.de (213.6.124.34) [ports 3326,3553,3604,3791,3846,...]
Feb 6 14:56:25 ICMP: ping flood detected from 210.92.221.49

Regards,
Jean
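
An added triage example, not part of the original post: it groups log lines of the kind shown above by source address, so repeat sources and the ports they probe stand out. The line format is inferred only from the lines in the post, and the names `summarize` and `repeat_sources` are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the log in the post; one is cut off there and stays cut off.
SAMPLE = """\
Feb 6 11:54:24 TCP: port scan detected [port 6667] from 212.165.80.117 [ports 63432,63453,63466,63499,63522,...]
Feb 6 11:58:09 TCP: port scan mode expired for 212.165.80.117 - received a total of 38 packets (1064 bytes).
Feb 6 12:31:54 TCP: port scan detected [port 6667] from 212.165.80.117 [ports 61345,61356,61370,61386,61408,...]
Feb 6 13:00:16 TCP: port scan detected [port 9999] from 204.117.88.37 [ports 4568,4571,4572,4573,4574,...]
Feb 6 13:33:00 TCP: SYN scan mode expired for pD952BE7F.dip.t-dialin.net (217.82.190.127) - received a total of 1073 packets
Feb 6 13:35:33 TCP: port scan mode expired for host231-253.pool8175.interbusiness.it (81.75.253.231) - received a total of 25
Feb 6 14:56:25 ICMP: ping flood detected from 210.92.221.49
"""
# A source is either a bare IPv4 address or "hostname (address)".
SRC = r"(?:\S+ \()?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)?"
DETECTED = re.compile(
    r"(?:TCP|ICMP): (?P<kind>[\w ]+?) detected (?:\[port (?P<port>\d+)\] )?from " + SRC)
EXPIRED = re.compile(
    r"(?:TCP|ICMP): (?P<kind>[\w ]+?) mode expired for " + SRC
    + r"(?: - received a total of (?P<pkts>\d+) packets)?")

def summarize(log_text):
    """Group events by source address: kinds seen, ports probed, detections, packets."""
    stats = defaultdict(
        lambda: {"kinds": set(), "ports": set(), "detections": 0, "packets": 0})
    for line in log_text.splitlines():
        hit = DETECTED.search(line)
        if hit:
            entry = stats[hit["ip"]]
            entry["detections"] += 1
            if hit["port"]:
                entry["ports"].add(int(hit["port"]))
        else:
            hit = EXPIRED.search(line)
            if not hit:
                continue  # not an event line (mail text, blank line)
            entry = stats[hit["ip"]]
            # A count cut off before the word "packets" may be missing digits: skip it.
            if hit["pkts"]:
                entry["packets"] += int(hit["pkts"])
        entry["kinds"].add(hit["kind"])
    return dict(stats)

def repeat_sources(stats, min_detections=2):
    """Addresses that triggered a detection at least min_detections times."""
    return sorted(ip for ip, e in stats.items() if e["detections"] >= min_detections)

if __name__ == "__main__":
    for ip, e in sorted(summarize(SAMPLE).items()):
        print(ip, sorted(e["kinds"]), sorted(e["ports"]), e["detections"], e["packets"])
```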