Date: Tue, 21 Jun 2005 22:12:44 -0500
From: "Troy G." <troyg@digitek-solutions.com>
To: freebsd-questions@freebsd.org
Subject: Possible Attack?
Message-ID: <42B8D72C.1080609@digitek-solutions.com>

Hi all,

I was going through a few servers tonight and came across this in /var/log/messages. This particular server functions mainly as our primary webserver. It's running FreeBSD 4.8-RELEASE. I decided to take a closer look to see what was generating these entries by loading up trafshow. I noticed quite a bit of ICMP requests coming in. I created an access-list on the Cisco and filtered ICMP to this host and the messages kept logging. It's obvious I didn't see any ICMP anymore on the server but is this system under a heavy load? I don't see the load being that high according to top. Any suggestions?

Jun 21 21:50:55 mx1 /kernel: Limiting closed port RST response from 230 to 200 packets per second
Jun 21 21:51:23 mx1 /kernel: Limiting closed port RST response from 222 to 200 packets per second
Jun 21 21:53:02 mx1 /kernel: Limiting closed port RST response from 230 to 200 packets per second

TIA,
Troy