From: "Kurt Buff"
To: "Chuck Swiger"
Cc: freebsd-questions@freebsd.org
Date: Sun, 30 Sep 2007 09:41:00 -0700
Subject: Re: Security report question

On 9/30/07, Chuck Swiger wrote:
> Kurt Buff wrote:
> [ ... ]
> > +Limiting closed port RST response from 283 to 200 packets/sec
> >
> > I don't know what this means, though I suspect it could mean that I'm
> > being port scanned. Is this a reasonable guess?
>
> Yes. It could also be something beating really hard on a single closed port, too.
>
> --
> -Chuck

Thanks. This, coupled with some invalid SSH login attempts from a known user, has made me quite suspicious. I think, though, that this is all that I can call it at this point - suspicious. Anything further I could turn up to monitor/log what's going on?