From owner-freebsd-security@FreeBSD.ORG Sat Feb 7 02:56:44 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8EA2816A4CE for ; Sat, 7 Feb 2004 02:56:44 -0800 (PST) Received: from mars.powweb.com (mars.powweb.com [66.152.97.234]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8922943D1D for ; Sat, 7 Feb 2004 02:56:44 -0800 (PST) (envelope-from mikhailg@webanoide.org) Received: from www.webanoide.org (localhost [127.0.0.1]) by mars.powweb.com (Postfix) with SMTP id 60BC82B8D8; Sat, 7 Feb 2004 02:56:45 -0800 (PST) Received: from 203.220.118.239 (SquirrelMail authenticated user mikhailg) by www.webanoide.org with HTTP; Sat, 7 Feb 2004 21:56:45 +1100 (EST) Message-ID: <3442.203.220.118.239.1076151405.squirrel@www.webanoide.org> In-Reply-To: <1076133554.40247eb21c430@webmail.icenetworks.com> References: <0FDD52D38220D611B7CC0004763B3744F80821@HNTS-04><4023AD12.6070106@sitetronics.com><6.0.0.22.2.20040206104336.0587c5a0@localhost><20040206151109.S921@cithaeron.argolis.org><6.0.0.22.2.20040206132723.058bf848@localhost><20040206212310.GJ94075@binary.net> <1076133554.40247eb21c430@webmail.icenetworks.com> Date: Sat, 7 Feb 2004 21:56:45 +1100 (EST) From: "Mikhail Goriachev" To: jhernandez@progrexive.com User-Agent: SquirrelMail/1.4.2 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit cc: freebsd-security@freebsd.org Subject: Re: SYN Attacks - how i cant stop it X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Feb 2004 10:56:44 -0000 > How i cant stop the SYN and Port Scanner Attacks. I have a attacks all > nights. > Check this. I get this phenomena from time to time too... I reckon some kiddies are trying to get in by scanning ports. > Feb 6 13:33:17 TCP: port scan mode expired for > ANancy-106-1-4-183.w81-248.abo.wanadoo.fr (81.248.192.183) - received a > total Now this wanadoo.fr looks familiar. Couple of months ago a friend of mine detected way too much activity on his FTP server which wasn't secured (just a default installation). He later found that someone (through wanadoo.fr) was using his FTP server as a WAREZ storage by creating a folder with " " name (just an empty space so you couldn't see it by having a quick look using 'ls'). Off topic but I think this is worth mentioning. > > Regards, > Jean > > > > ------------------------------------------------- > This mail sent through ICENetworks.com: http://www.icenetworks.com > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to > "freebsd-security-unsubscribe@freebsd.org" > -- -------------------------------------- Mikhail Goriachev Telephone: +61 (0)3 62252501 Mobile Phone: +61 (0)4 38255158 e-mail: mikhailg@webanoide.org URL: http://www.webanoide.org GPG Key ID: 4E148A3B --------------------------------------