From: "Will Mitayai Keeso Rowe"
Subject: RE: ICMP attacks
Date: Wed, 14 Mar 2001 02:29:17 -0500

I'd love to use snort, but I keep getting this:

[castle:root]/usr/ports/security/snort# make -DWITH_MYSQL=yes clean install
===> Cleaning for snort-1.7
===> Extracting for snort-1.7
>> Checksum OK for snort-1.7.tar.gz.
gzip: stdout: Broken pipe
===> Patching for snort-1.7
===> Configuring for snort-1.7

:-----Original Message-----
:From: owner-freebsd-security@FreeBSD.ORG
:[mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of
:mharding@marketnews.com
:Sent: January 26, 2001 10:00 AM
:To: Will Mitayai Keeso Rowe
:Cc: freebsd-security@FreeBSD.ORG
:Subject: Re: ICMP attacks
:
:
:Try using an intrusion detection system. Snort works well for me.
:If this is just a port scan it will show a lot of different attack
:warnings as the different ports are hit, but it will show what IP
:is doing it.
:
:Mason
:
:Quoting Will Mitayai Keeso Rowe:
:
:> > icmp-response bandwidth limit 205/200 pps
:> > icmp-response bandwidth limit 264/200 pps
:> > icmp-response bandwidth limit 269/200 pps
:> > icmp-response bandwidth limit 273/200 pps
:> > icmp-response bandwidth limit 273/200 pps
:> > icmp-response bandwidth limit 271/200 pps
:> > icmp-response bandwidth limit 261/200 pps
:> > icmp-response bandwidth limit 268/200 pps
:> > icmp-response bandwidth limit 205/200 pps
:> > icmp-response bandwidth limit 223/200 pps
:>
:> Is there any way to trace the people that are causing this? It's
:> becoming a daily occurrence and it's beginning to irritate me.
:>
:> -Mit
:>
:> To Unsubscribe: send mail to majordomo@FreeBSD.org
:> with "unsubscribe freebsd-security" in the body of the message